Barence writes "Anti-spam outfit Spamhaus has called on the UK government to fine those who are running Internet infrastructure that could be exploited by criminals. Those who leave open Domain Name Server resolvers vulnerable to attack should be fined, if they have previously received a warning, said chief information officer of Spamhaus, Richard Cox. When Spamhaus was hit by a massive distributed DDoS possibly the biggest ever recorded at more than 300Gbits/sec — open DNS resolvers were used to amplify the hit, which was aimed at one of the organization's upstream partners. 'Once they know it can be used for attacks and fraud, that should be an offense,' Cox said. 'You should be subject to something like a parking ticket... where the fine is greater than the cost of fixing it.'"
An anonymous reader writes "Researchers at Fraunhofer FKIE, Germany have presented a paper on covert acoustical communications between laptop computers. In their paper 'On Covert Acoustical Mesh Networks in Air', they describe how acoustical communication can be used to secretly bridge air gaps between computers and connect computers and networks that are thought to be completely isolated from each other. By using ad-hoc routing protocols, they are able to build up a complete mesh network of infected computers that leaks data over multiple hops. A multi-hop acoustical keylogger is also presented where keystrokes are forwarded to an attacker over multiple hops between different office rooms. The fundamental part of the communication system is a piece of software that has originally been developed for acoustic underwater communications. The researchers also provide different countermeasures against malicious participation in a covert acoustical network. The limitations of air gaps have been discussed recently in the context of a highly advanced malware, although reports on this so-called badBIOS malware could not yet be confirmed."
An anonymous reader writes "I'm currently being targeted by an overseas debt collection scam. My landline rings every 10-15 minutes all day every day. I considered getting a blacklisting device to block the incoming calls, but the call center spoofs a different number on my caller ID each time, and it's gotten to the point where I've just unplugged the phones. I'm already on the Do Not Call Registry and have filed a complaint with the FTC. Aside from ditching my landline, changing my number, and/or blowing a whistle into the receiver anytime I actually pick up, are there any real solutions out there? Has anybody had luck with a blacklisting device?"
cold fjord writes "It looks like no more spam, spam, spam for Norway's warriors... at least on Mondays. The Daily Caller reports, 'Norway's military is taking drastic steps to ramp up its war against global warming. The Scandinavian country announced its soldiers would be put on a vegetarian diet once a week to reduce the military's carbon footprint. "Meatless Mondays" has already been introduced at one of Norway's main military bases and will soon be rolled out to others, including overseas bases. It is estimated that the new vegetarian diet will cut meat consumption by 150 tons per year. "It's a step to protect our climate," military spokesman Eystein Kvarving told AFP. "The idea is to serve food that's respectful of the environment." ... The United Nations says that livestock farming is responsible for 18 percent of global greenhouse gas emissions. Cutting meat consumption, environmentalists argue, would help stem global warming and improve the environment.' — The Manchester Journal reports, 'The meatless Monday campaign launched in 2003 as a global non-profit initiative in collaboration with Johns Hopkins University to promote personal and environmental health by reducing meat consumption.'"
Mark Gibbs writes "If you've ever tried to navigate using a smartphone while cycling you'll know full well that you took your life in your hands. By the time you've focused on the map and your brain has decoded what you're looking at you've traveled far enough to be sliding on gravel or go careening into the side of a car. What's needed is a way that you can get directions from your smartphone without having to lose your focus and possibly your life and Hammerhead Navigation have one of the most interesting answers I've seen."
jfruh writes "We've reached a point in our electronic lives where most of our gadgets draw power from a USB cable, and we have lots of USB ports to choose from — some of which live on other gadgets, some of which live on adapters that plug into your wall or car. But those ports supply wildly varying amounts of power, which can result in hours of difference in how long it takes your phone to charge. The Practical Meter, the product of a successful Kickstarter campaign, can help you figure out which power sources are going to juice up your gadgets the fastest."
recoiledsnake writes with news of Google tracking a bit more of your life. From the article: "Google is beta-testing a program that uses smartphone location data to determine when consumers visit stores, according to agency executives briefed on the program by Google employees. Google then connects these store visits to Google searches conducted on smartphones. If someone conducts a Google mobile search for 'screwdrivers,' for instance, a local hardware store could bid to have its store listing served to that user. By pairing that person's location data with its database of store listings, Google can see if the person who saw that ad subsequently visited the store. It is easiest for Google to conduct this passive location tracking on Android users, since Google has embedded location tracking into the software. Once Android users opt in to location services, Google starts collecting their location data as continuously as technologically possible."
starglider29a writes "Yesterday, a website I maintain that has a Twitter presence encountered an 'unsafe' warning when clicking on the tweets. 'This link has been flagged as potentially harmful.' After scanning the site and its database, then checking with Google and third-party site scanners, I found no evidence of harm. At noon, The Atlantic posted an article which describes the same issue with the Philadelphia City Paper. 'Perhaps most frustrating of all is that Twitter has not been particularly responsive to the paper's plight.' If the warnings are incorrect, how does Twitter justify this libel?"
An anonymous reader writes "Email service FastMail.fm has a blog post about an interesting bug they're dealing with related to the new Mail.app in Mac OS 10.9 Mavericks. After finding a user who had 71 messages in his Junk Mail folder that were somehow responsible for over a million entries in the index file, they decided to investigate. 'This morning I checked again, there were nearly a million messages again, so I enabled telemetry on the account ... [Mail.app] copying all the email from the Junk Folder back into the Junk Folder again! This is legal IMAP, so our server proceeds to create a new copy of each message in the folder. It then expunges the old copies of the messages, but it's happening so often that the current UID on that folder is up to over 3 million. It was just over 2 million a few days ago when I first emailed the user to alert them to the situation, so it's grown by another million since. The only way I can think this escaped QA was that they used a server which (like gmail) automatically suppresses duplicates for all their testing, because this is a massively bad problem.' The actual emails added up to about 2MB of actual disk usage, but the bug generated an additional 2GB of data on top of that."
An anonymous reader writes "Google today released an update to its reCAPTCHA system that creates different classes of CAPTCHAs for different kinds of users. In short, it makes your life easier if you're a human, and your work much harder if you're a bot. Unsurprisingly, Google wouldn't share too much detail as to how the new system works, aside from saying it uses advanced risk analysis techniques, actively considering the user's entire engagement (before, during and after) with the CAPTCHA. In other words, the distorted letters are not the only test."
Slashdot contributor Bennett Haselton writes "A recent webinar for newsletter publishers suggested that if you want your emails not to be blocked as 'spam,' you paradoxically have to engage in some practices that contribute to the erosion of users' privacy, including some tactics similar to what many spammers are doing. The consequences aren't disastrous, but besides being a loss for privacy, it's another piece of evidence that free-market forces do not necessarily lead to spam filters that are optimal for end users." Read on for the rest of Bennett's thoughts.
wiredog writes "One side effect of the NSA's surveillance program is that a great deal of spam is getting swept up along with the actual communications data. Overwhelming amounts, perhaps. From The Washington Post: '[W]hen one Iranian e-mail address of interest got taken over by spammers ... the Iranian account began sending out bogus messages to its entire address book. ... the spam that wasn't deleted by those recipients kept getting scooped up every time the NSA's gaze passed over them. And as some people had marked the Iranian account as a safe account, additional spam messages continued to stream in, and the NSA likely picked those up, too. ... Every day from Sept. 11, 2011 to Sept. 24, 2011, the NSA collected somewhere between 2 GB and 117 GB of data concerning this Iranian address.'"
Okian Warrior writes "Attendees to this year's New York Comic Con convention were allowed to pre-register their RFID-enabled badges online and connect their social media profiles to their badges — something, the NYCC registration site explained, that would make the 'NYCC experience 100x cooler! For realz.' Most attendees didn't expect '100x cooler' to translate into 'we'll post spam in your feed as soon as the RFID badge senses that you've entered the show,' but that seems to be what happened."
Iddo Genuth writes "If you love to go on camping trips and want to charge your mobile phone, tablet or even camera there is a new solution on the way which can do that anywhere day or night and all you need to do is light a little fire and have a few drops of water. The FlameStower efficiently captures excess heat from a gas burner or campfire to charge almost any USB-powered device: cell phones, GPS units and even cameras by using the thermal differential between the fire and water and the whole thing is already collecting money on Kickstarter (and if you are really handy you can even make a DIY version yourself)."
An anonymous reader writes with word that two of the more intriguing memes of recent times have been outed as elaborate performance art. Bizarre Twitter-centric entities @Horse_ebooks and Pronunciation Book aren't really inexplicable, it turns out: "[These feeds] have been running for the past several years, both have the hallmarks of automation, chugging along anonymously and churning out disjointed bits of text in a very spam-like fashion, but neither is as it appears." The Escapist has a bit more, now that the horse is out of the bag.
Hugh Pickens DOT Com writes "Reuters reports that nineteen companies caught writing fake reviews on websites such as Yelp, Google Local and CitySearch have been snared in a year-long sting operation by the New York Attorney General and will pay $350,000 in penalties. The Attorney General's office set up a fake yogurt shop in Brooklyn, New York, and sought help from firms that specialize in boosting online search results to combat negative reviews. Search optimization companies offered to post fake reviews of the yogurt shop, created online profiles, and paid as little as $1 per review to freelance writers in the Philippines, Bangladesh and Eastern Europe. To avoid detection the companies used 'advanced IP spoofing techniques' to hide their true identities. 'This investigation into large-scale, intentional deceit across the Internet tells us that we should approach online reviews with caution,' said Attorney General Eric Schneiderman. 'More than 100 million visitors come to Yelp each month, making it critical that Yelp protect the integrity of its content,' said Aaron Schur, Yelp's Senior Litigation Counsel."
Beardydog writes "SkyOS, the commercial, alternative OS created almost entirely by Robert Szeleney, became free (as in beer) sometime last month. Alternative OS enthusiasts can be forgiven for missing it, as the website has been largely derelict, and the forums overrun with spam, since the project was halted in 2009. It's not clear from the announcement whether the ISO available is the traditional build, or the version rebuilt around Linux. The post announcing the free version provides a license name ('public') and registration code that must be entered during setup. While it isn't quite the open-sourcing that most followers hoped for, it's heartening to know SkyOS won't be completely lost in the mists of time." For a blast from the past, check out our old stories about SkyOS.
cold fjord sends news that a study by Coverity has found open-source Python code to contain a lower defect density than any other language. "The 2012 Scan Report found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, as compared to the accepted industry standard defect density for good quality software of 1.0. Python's defect density of .005 significantly surpasses this standard, and introduces a new level of quality for open source software. To date, the Coverity Scan service has analyzed nearly 400,000 lines of Python code and identified 996 new defects — 860 of which have been fixed by the Python community."
New submitter hmilz writes "I've been using procmail for years to filter my incoming mail, and over time a long list of spam patterns was created. The good thing about the patterns is, there are practically no false positives, and practically no false negatives, i.e. I see each new spam exactly once, and lose no legit mail. This works by using an external spam-patterns file, containing one pattern per line, and running an 'egrep -F' against it. As simple as this is, with a long pattern list this becomes rather slow and CPU consuming. An average mail currently needs about 15 seconds to be grepped. In other words, this has become quite clumsy over time, and I would like to replace it by a more (CPU, hence energy) efficient method. I was thinking about a small indexed database or something. What would you recommend and use if you were me? Is sqlite something to look at?"
Gunkerty Jeb writes "Kelihos, the peer-to-peer botnet with nine lives, keeps popping up with new capabilities that enable it to sustain itself and make money for its keepers by pushing spam, harvesting credentials and even stealing Bitcoins. According to a number of sources, Kelihos is now leveraging legitimate and freely available security services that manage composite blocking lists (CBLs) to determine if a potential victim's IP address has previously been flagged as a spam source or as a proxy."