Slashdot

Nashville Guy writes "According to Australia's The Age, 'A New Zealand man living in Queensland and believed to be behind the world's largest spam operation, has been ordered to pay more than $16 million for running the illegal enterprise. Lance Atkinson, 26, originally from Christchurch, was living in Pelican Waters on the Sunshine Coast when the US Federal Trade Commission (FTC) had his assets frozen last year. ... The FTC found Atkinson and American Jody Smith were at the centre of the world's largest internet spam operation, dubbed 'AffKing,' having recruited spammers from around the world.'"

Hugh Pickens writes "The Telegraph reports that scientists have created the first artificial meat by extracting cells from the muscle of a live pig and putting them in a broth of other animal products where the cells then multiplied to create muscle tissue. Described as soggy pork, researchers believe that it can be turned into something like steak if they can find a way to 'exercise' the muscle and while no one has yet tasted the artificial meat, researchers believe the breakthrough could lead to sausages and other processed products being made from laboratory meat in as little as five years' time. '"What we have at the moment is rather like wasted muscle tissue. We need to find ways of improving it by training it and stretching it, but we will get there," says Mark Post, professor of physiology at Eindhoven University. "You could take the meat from one animal and create the volume of meat previously provided by a million animals." Animal rights group Peta has welcomed the laboratory-grown meat, announcing that "as far as we're concerned, if meat is no longer a piece of a dead animal there's no ethical objection while the Vegetarian Society remained skeptical. "The big question is how could you guarantee you were eating artificial flesh rather than flesh from an animal that had been slaughtered. It would be very difficult to label and identify in a way that people would trust.""

tsu doh nimh writes "Alan Ralsky, the 64-year-old dubbed the 'Godfather of Spam,' was sentenced to 51 months in prison on Monday, the Washington Post's Security Fix blog reports. According to anti-spam group Spamhaus.org, Ralsky has been spamming since at least 1997, using dozens of aliases and tens of thousands of 'zombies' or hacked PCs to relay junk e-mail. Also sentenced — to 40 months in jail — was Ralsky's 48-year-old son-in-law, Scott K. Bradley, and two other men named last year in a 41-count indictment for wire fraud, mail fraud, money laundering and violations of the CAN-SPAM Act." And eldavojohn writes "19-year-old Dmitriy Guzner, Anonymous member and Scientology DDoS attacker, received one year and one day in jail for his admitted crime. His sentence could have been a maximum ten years. According to the Church of Scientology, Anonymous has harassed and attacked them with '8,139 threatening phone calls, 3.6 million e-mails, 141 million hits on its website, ten acts of vandalism against its property, 22 bomb threats, and eight death threats against Church leaders.'"

An anonymous reader writes to tell us that finding malicious code might have just become a little harder. Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shell code [PDF]. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shell code into sentences that read like spam, but are natively executable. "In this paper we revisit the assumption that shell code need be fundamentally different in structure than non-executable data. Specifically, we elucidate how one can use natural language generation techniques to produce shell code that is superficially similar to English prose. We argue that this new development poses significant challenges for in-line payload-based inspection (and emulation) as a defensive measure, and also highlights the need for designing more efficient techniques for preventing shell code injection attacks altogether."

dag writes "Drupal 6 Social Networking is an interesting book about how to build social networks and why Drupal is a good choice as a platform for building communities. Even if you don't have any Drupal experience yet, this book explains what is needed when you start from scratch and looks at the different facets of a social network." Keep reading for the rest of Dag's review.

Rexdude writes "Apple has filed a patent that forces users to interact with an ad. FTFA: 'Its distinctive feature is a design that doesn't simply invite a user to pay attention to an ad — it also compels attention. The technology can freeze the device until the user clicks a button or answers a test question to demonstrate that he or she has dutifully noticed the commercial message. Because this technology would be embedded in the innermost core of the device, the ads could appear on the screen at any time, no matter what one is doing.'" We've been following this story for awhile now but it seems to have broken into the mainstream.

turtleshadow writes "Brian Krebs of the Security Fix Blog analyzes the McColo Spamming one year later and asks an interesting question: 'How does one renovate and recoup the lost trust to the slums of the Internet and reclaim back all the domains and IPs that have been blacklisted?' Indeed, the economic benefits abound when a huge swath of illegal and annoying activity ceases — but given the basic design of the Internet, what happens over the long run to IP space and DNS when hosting companies come and go and vary in their trustworthiness? So too, now Geocities is dead [as a business], but does that still live in your filter list? It still appears in OpenDNS under several policy categories. How, in a few years, will I tell if some Hosting/Colo sold me Whitechapel Road/Ventura Avenue for Mayfair/Boardwalk prices, and no one is going to accept my mail from a former slum? When do you, if ever, roll back the blacklists and filters for 'dead' threats and spammers?"

jamie writes with a follow-up to our recent discussion of social gaming scams: "Mark Pincus, CEO of the company that brought us Mafia Wars, says: 'I did every horrible thing in the book just to get revenues right away. I mean, we gave our users poker chips if they downloaded this Zwinky toolbar, which was like, I don't know... I downloaded it once and couldn't get rid of it.'" TechCrunch also ran a interesting tell-all from the CEO of a company specializing in Facebook advertisements, who provided some details on similarly shady operations at the popular social networking site.

The Register is reporting on the takedown of a botnet once responsible for 1/3 of the world's spam. The deed was done by researchers from the security firm FireEye, who detailed the action in a series of blog posts. PC World's coverage estimates that lately the botnet has accounted for 4% of spam. From the Register: "After carefully analyzing the machinations of the massive botnet, alternately known as Mega-D and Ozdok, the FireEye employees last week launched a coordinated blitz on dozens of its command and control channels. ... Almost immediately, the spam stopped, according to M86 Security blog. ... The body blow is good news to ISPs that are forced to choke on the torrent of spam sent out by the pesky botnet. But because many email servers already deployed blacklists that filtered emails sent from IP addresses known to be used by Ozdok, end users may not notice much of a change. ... With [the] head chopped off of Ozdok, more than 264,000 IP addresses were found reporting to sinkholes under FireEye's control..."

Michael J. Ross writes "Of the leading content management systems used by developers for creating websites, Drupal is highly regarded for many characteristics, including a much smaller initial footprint, compared to Joomla and other CMSs. Yet some developers find this a disadvantage as well, because one of the most common criticisms leveled against Drupal is its lack of built-in support for images and multimedia elements — thereby forcing new Drupal developers to choose from the thousands of contributed Drupal modules those that would be optimal for implementing their websites' multimedia functionality. Aaron Winborn's book Drupal Multimedia is intended as a guide to help such developers." Keep reading for the rest of Michael's review.

palegray.net writes "SORBS, a well-known email blocklist provider, has reportedly been sold for $451k. Early reports indicate an acquisition by GFI, a company specializing in various communications services. In recent years, SORBS has been the target of frequent accusations of mismanagement and poor conduct, leading many to wonder if this turn in events might signal a chance for improved behavior. Citing lack of ISP support, the blocklist released statements earlier this year that they would be shuttering their operation."

An anonymous reader writes "Facebook is on a never-before-seen legal rampage against high profile internet spammers. Today Facebook was awarded yet another nine-figure settlement, this time for over $700 million. Facebook also has a criminal contempt case on Wallace, which means a high likelihood of prison, a big win for the internet and a milestone in cyber law. 'The record demonstrates that Wallace willfully violated the statutes in question with blatant disregard for the rights of Facebook and the thousands of Facebook users whose accounts were compromised by his conduct,' Jeremy Fogel wrote in his judgment order, which permanently prohibits Wallace from accessing the Facebook Web site or creating a Facebook account, among other restrictions."

angryrice tips a blog post by John Resig, lead developer for jQuery, about the failure of Google Groups to manage spam, declaring attempts to use it as a public discussion system "completely futile." Quoting: "The final straw was placed upon my patience with the Google Groups system a few weeks ago. Spammers are now spoofing the email addresses of existing group participants to sneak their messages through. Previously you would've seen a delightful 'FREE MOVIE DOWNLOADS' spam from 'freemovies123@gmail.com' — but now you'll see it coming from existing group users — or even the group moderators themselves. This cheat completely bypasses the moderation system since the spammers are pretending to be pre-moderated users. The Google Groups system is completely fooled. The spam message comes in claiming to be from an existing group participant — and according to the Google Groups interface there is no difference. If you click the user's name you'll be taken to a full listing of that user's posts (with the spam messages delightfully interspersed)."

get quad writes "I continually have to remind our end-users to be vigilant about the usual web security hazards, such as not clicking links in the occasional spam email that passes through our filters, avoiding suspicious websites, why some websites aren't entirely safe or appropriate for the work environment (Facebook apps, MySpace, remote access apps, proxies, etc), and the myriad other things an end-user can do to get into trouble. What I'm hoping to find are video or flash examples (mind you, in layman's terms) of what Web-based exploits/zero-day threats are capable of, how they can happen, and the harm they can ultimately cause — rather than posting links to technical docs the users will never bother to read. Getting the point across in a purely visual and less technical manner seems much more effective. Does anyone have any suggestions or experience with this type of training?"

Sooner Boomer writes "Nigerian police, in what is named Operation 'Eagle Claw,' have shut down 800 scam web sites and arrested members of 18 syndicates behind the fraudulent scam sites. Reports on Breitbart.com and Pointblank give details on the busts. The investigation was done in cooperation with Microsoft to help develop smart technology software capable of detecting fraudulent emails. From Breitbart: 'When operating at full capacity, within the next six months, the scheme, dubbed "Eagle Claw," should be able to forewarn around a quarter of million potential victims.'"

An anonymous reader writes "New Canadian anti-spam and anti-spyware legislation is scheduled for a key vote on Monday. Michael Geist reports that the copyright lobby has been pushing to remove parts of the bill that would take away exceptions which currently allow spyware to be installed without authorization. 'The copyright lobby is deeply concerned that this change will block attempts to track possible infringement through electronic means.' There have also been proposals to extend the exemptions granted to telecom providers to include the installation of programs without the user's express consent, which Geist says will 'leave the door open to private, surreptitious surveillance.'"

With the latest release of the popular anti-malware tool Ad-Aware, Lavasoft has added what is being referring to as "Genotype," a heuristic-based behavioral detection engine. In addition to a new (and what appears to be faster) method of detection and elimination, there are a few incremental updates like the simple/advanced toggle and a potentially always-on "gaming mode," which attempts to do real-time filtering while you are playing games, watching videos, or just browsing.

We recently redesigned the Submission Form to make it (hopefully) a little easier for you to shovel news our way. The new system also will allow you to tag your submissions. A reminder that you can participate in rating stories and filtering spam from the recent submissions page. And by bookmarking this convenient bookmarklet you can submit stories from the comfort of whatever web page you are browsing.

thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.

Usagi_yo writes "Endless whispers for Kinah (Aion's in-game currency), scrolling chat tabs of multi-line spam messages from currency traders, phishing scams, key-logger scam, power leveling — it's all there and it's very ugly for NCsoft's release of Aion MMORPG, as players are starting to revolt only two weeks into the game's release." This reader originally pointed to the Aion general forums, which displayed a ton of threads complaining about spammers. Many of those threads have since been deleted (though more continue to crop up). Make of that what you will. I've been playing Aion a bit, and the spamming is certainly becoming a problem. When it began, it was mainly just whisper-spam from level 1 accounts, which NCSoft quickly stepped on by denying whispers before level 5. Not the most elegant solution, but it was a decent attempt to complement the /anon command, which makes your character invisible to /who searches. Then the spammers just started leveling to 5, which doesn't take too long, but in order to make up for lost time, they co-opted the global "looking for group" channel, flooding it such that the channel is now useless. You can easily block the channel from view (giving up entirely on what was once a helpful channel), or individually block each of the spammers as they arrive, but hopefully NCSoft will soon implement a solution that's less annoying to players. They say they're still on the case.