
United States

Cuba: US Using New Weapon Against Us -- Spam 137

Posted by samzenpus
from the filling-the-pipes dept.
mpicpp (3454017) writes in with news about accusations from Cuban officials about a spamming campaign against the country by the U.S. "Cuban officials have accused the U.S. government of bizarre plots over the years, such as trying to kill Fidel Castro with exploding cigars. On Wednesday, they said Washington is using a new weapon against the island: spam. 'It's overloading the networks, which creates bad service and affects our customers,' said Daniel Ramos Fernandez, chief of security operations at the Cuban government-run telecommunications company ETECSA. At a news conference Wednesday, Cuban officials said text messaging platforms run by the U.S. government threatened to overwhelm Cuba's creaky communications system and violated international conventions against junk messages. The spam, officials claim, comes in the form of a barrage of unwanted text messages, some political in nature. Ramos said that during a 2009 concert in Havana performed by the Colombian pop-star Juanes, a U.S. government program blanketed Cuban cell phone networks with around 300,000 text messages over about five hours."
Communications

Yahoo DMARC Implementation Breaks Most Mailing Lists 83

Posted by Soulskill
from the we-can-think-this-through-after-it's-pushed-live dept.
pdclarry writes: "On April 8, Yahoo implemented a new DMARC policy that essentially bars any Yahoo user from accessing mailing lists hosted anywhere except on Yahoo and Google. While Yahoo is the initiator, it also affects Comcast, AT&T, Rogers, SBCGlobal, and several other ISPs. Internet Engineering Council expert John R. Levine, a specialist in email infrastructure and spam filtering, said, 'Yahoo breaks every mailing list in the world including the IETF's' on the Internet Engineering Task Force (IETF) list.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a two-year-old proposed standard previously discussed on Slashdot that is intended to curb email abuse, including spoofing and phishing. Unfortunately, as implemented by Yahoo, it claims most mailing list users as collateral damage. Messages posted to mailing lists (including listserv, mailman, majordomo, etc) by Yahoo subscribers are blocked when the list forwards them to other Yahoo (and other participating ISPs) subscribers. List members not using Yahoo or its partners are not affected and will receive posts from Yahoo users. Posts from non-Yahoo users are delivered to Yahoo members. So essentially those suffering the most are Yahoo's (and Comcast's, and AT&T's, etc) own customers. The Hacker News has details about why DMARC has this effect on mailing lists. Their best proposed solution is to ban Yahoo email users from mailing lists and encourage them to switch to other ISPs. Unfortunately, it isn't just Yahoo, although they are getting the most attention."
Hardware

An SSD for Your Current Computer May Save the Cost of a New One (Video) 353

Posted by Roblimo
from the breaking-the-i/o-speed-barrier dept.
Obviously, the first performance enhancement you do on any computer you own is max out the RAM. RAM has gotten cheap, and adding more of it to almost any computer will make it faster without requiring any other modification (or any great skill). The next thing you need to do, says Larry O'Connor, the founder and CEO of Other World Computing (OWC), is move from a "platter" hard drive to a Solid State Drive (SSD). Larry's horse in this race is that his company sells SSDs, mostly for Macs. But he's a real evangelist about SSDs and computer mods in general, even if you buy them from NewEgg, Amazon or another vendor.

A big (vendor-neutral) thing Larry points out is that just because you have a Terabyte drive in your computer now doesn't mean you need a Terabyte SSD, which can easily cost $500. Rather, he says, all you need is a large enough SSD to contain your OS and software and whatever data you're working with at the moment, so you might be able to get by with a 120 GB SSD that costs well under $100. Clone your current main drive, stick in the new SSD, and if you need more storage, get another hard drive (or use your old one). Simple. Efficient. And a lot cheaper than buying a new computer, whether we're talking about home, business or even enterprise use. (Alternate video link.)
Hardware

Used IT Equipment Can Be Worth a Fortune (Video) 79

Posted by Roblimo
from the how-much-is-that-mainframe-in-the-window? dept.
This is a conversation with Frank Muscarello, CEO and co-founder of MarkiTx, a company that brokers used and rehabbed IT equipment. We're not talking about an iPhone 3 you might sell on craigslist, but enterprise-level items. Cisco. Oracle. IBM mainframes. Racks full of HP or Dell servers. That kind of thing. In 2013 IDC pegged the value of the used IT equipment market at $70 billion, so this is a substantial business. MarkiTx has three main bullet points: *Know what your gear is worth; *Sell with ease at a fair price; and *Buy reliable, refurbished gear. Pricing is the big deal, Frank says. With cars you have Cars.com and Kelley Blue Book. There are similar pricing services for commercial trucks, construction equipment, and nearly anything else a business or government agency might buy or sell used. For computers? Not so much. Worth Monkey calls itself "The blue book for used electronics and more," but it only seems to list popular consumer equipment. I tried looking up several popular Dell PowerEdge servers. No joy. An HTC Sensation phone or an Acer Aspire notebook? Sure. With price ranges based on condition, same as Kelley Blue Book does with cars. Now back to the big iron. A New York bank wants to buy new servers. Their old ones are fully depreciated in the tax sense, and their CTO can show stats saying they are going to suffer from decreasing reliability. So they send out for bids on new hardware. Meanwhile, there's a bank in Goa, India, that is building a server farm on a tight budget. If they can buy used servers from the New York bank, rehabbed and with a warranty, for one-third what they'd cost new, they are going to jump on this deal the same way a small earthmoving operation buys used dump trucks a multinational construction company no longer wants.

In February, 2013 Computerworld ran an article titled A new way to sell used IT equipment about MarkiTx. The main differentiator between MarkiTx and predecessor companies is that this is primarily an information company. It is not eBay, where plenty of commercial IT equipment changes hands, nor is it quite like UK-based Environmental Computer, which deals in used and scrap computer hardware. It is, rather, the vanguard of computer hardware as a commodity; as something you don't care about as long as it runs the software you need it to run, and you can buy it at a good price -- or more and more, Frank notes -- rent a little bit of its capacity in the form of a cloud service, a direction in which an increasing number of businesses are moving for their computing needs. Even more fun: Let's say you are (or would like to be) a local or regional computer service company and you want to buy or sell or broker a little used hardware. You could use MarkiTx's price information to set both your buy and sell prices, same as a car dealer uses Kelley Blue Book. We seem to be moving into a whole new era of computer sales and resales. MarkiTx is one company making a splash in this market. But there are others, and there are sure to be even more before long. (Alternate video link.)
China

China Arrests 1,500 People For Sending Spam Messages From Fake Mobile Bases 35

Posted by samzenpus
from the watch-what-you-text dept.
concertina226 (2447056) writes "Chinese authorities have detained a total of 1,530 suspects in a crackdown on spam SMS text messages being sent out by illegal telecoms equipment, according to Chinese news agency ECNS. Over 2,600 fake mobile base stations were seized and 24 sites manufacturing illegal telecoms equipment shut down as part of a massive nationwide operation involving nine central government and Communist Party of China departments. A report released by Trend Micro this month looked into the telecoms equipment black market in China (PDF) and found that cybercriminals routinely use either a GSM modem, an internet short message gateway and an SMS server to send out spam messages. On the underground market, SMS servers come in 'all-in-one' packages that include a laptop, a GSM mobile phone, an SMS server, an antenna to send out the fake signal and a USB cable, all for RMB 45,000 (£4,355)."
Security

Malware Attack Infected 25,000 Linux/UNIX Servers 220

Posted by Soulskill
from the sudo-configure-your-stuff-properly dept.
wiredmikey writes "Security researchers from ESET have uncovered a widespread attack campaign that has infected more than 25,000 Linux and UNIX servers around the world. The servers are being hijacked by a backdoor Trojan as part of a campaign the researchers are calling 'Operation Windigo.' Once infected, victimized systems are leveraged to steal credentials, redirect web traffic to malicious sites and send as many as 35 million spam messages a day. 'Windigo has been gathering strength, largely unnoticed by the security community, for more than two and a half years and currently has 10,000 servers under its control,' said Pierre-Marc Bureau, security intelligence program manager at ESET, in a statement.

There are many misconceptions around Linux security, and attacks are not something only Windows users need to worry about. The main threats facing Linux systems aren't zero-day vulnerabilities or malware, but things such as Trojanized applications, PHP backdoors, and malicious login attempts over SSH. ESET recommends webmasters and system administrators check their systems to see if they are compromised, and has published a detailed report presenting the findings and instructions on how to remove the malicious code if it is present."
Google

Using Google Maps To Intercept FBI and Secret Service Calls 137

Posted by Soulskill
from the enjoy-your-stay-on-government-watchlists dept.
An anonymous reader sends in a story about a network engineer named Bryan Seely, who was tired of seeing fake listings and spam on Google Maps. He contacted the company and tried to convince them to fix their system, but didn't have much luck. Afterward, he thought of an effective demonstration. He put up fake listings for the FBI and the Secret Service with phone numbers that sent the calls to him. When people called, he forwarded them to the actual agencies while he listened in. After recording a couple of calls for proof, he went to a local Secret Service office to explain the problem: "After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a 'hero' for bringing this major security flaw to light. They let him go after a few hours. Seely says the fake federal listings, which were both ranked second every time I checked Google Maps, were up for four days. He took them down himself when the Secret Service asked."
Google

Gmail's 'Unsubscribe' Tool Comes Out of the Weeds 129

Posted by timothy
from the and-don't-come-back dept.
itwbennett writes "Starting this week, a new, clearly marked 'unsubscribe' link will appear at the top of the header field in marketers' emails. Previously only appearing for a small percentage of users, the feature will now be made available for most promotional messages with unsubscribe options, Google said on Thursday. Email recipients do not need to take action for the links to appear."
Privacy

Ask Slashdot: Anti-Camera Device For Use In a Small Bus? 478

Posted by timothy
from the only-we-control-the-blackmail dept.
Paul server guy writes "I am building a limousine bus, and the owners want to prevent occupants from using cameras on board. (But they would like the cameras mounted on the bus to continue to operate; I think they would consider this optional.) They would also like to do it without having to wear any 'anti-paparazzi' clothing (because they also want to protect the other guests on board), and without destroying the cameras. (So no EMP generators, please). We've done some testing with high-power IR, but that proved ineffective. Does anyone have any ideas that they are willing to share?"
The Media

Reporting From the Web's Underbelly 74

Posted by Unknown Lamer
from the shotgun-submission dept.
mspohr writes "The New York Times has an interesting article about Brian Krebs (Krebs on Security): 'In the last year, Eastern European cybercriminals have stolen Brian Krebs's identity a half dozen times, brought down his website, included his name and some unpleasant epithets in their malware code, sent fecal matter and heroin to his doorstep, and called a SWAT team to his home just as his mother was arriving for dinner.' His reporting is definitely on the edge. 'Mr. Krebs, 41, tries to write pieces that cannot be found elsewhere. His widely read cybersecurity blog, Krebs on Security, covers a particularly dark corner of the Internet: profit-seeking cybercriminals, many based in Eastern Europe, who make billions off pharmaceutical sales, malware, spam, frauds and heists like the recent ones that Mr. Krebs was first to uncover at Adobe, Target and Neiman Marcus.' The article concludes with this: 'Mr. Joffe worries Mr. Krebs's enemies could do far worse. "I don't understand why he hasn't moved to a new, undisclosed address," he said. "But Brian needs a bodyguard."' (He does have a shotgun.)"
Security

NBC News Confuses the World About Cyber-Security 144

Posted by samzenpus
from the think-of-the-athletes dept.
Nerval's Lobster writes "In a video report posted Feb. 4, NBC News reporter Richard Engel, with the help of a security analyst, two fresh laptops, a new cell phone, and a fake identity, pretended to go online with the technical naiveté of a Neanderthal housepet. (Engel's video blog is here.) Almost as soon as he turned on the phone in the Sochi airport, Engel reported hackers snooping around, testing the security of the machines. Engel's story didn't explain whether 'snooping around' meant someone was port-scanning his device in particular with the intention of cracking its security and prying out its secrets, no matter how much effort it took, or if the 'snooping' was other WiFi devices looking for access points and trying automatically to connect with those that were unprotected. Judging from the rest of his story, it was more likely the latter. Engel also reported hackers snooping around a honeypot set up by his security consultant which, as Gartner analyst Paul Proctor also pointed out in a blog posting, is like leaving the honey open and complaining when it attracts flies. When you try to communicate with anything, it also tries to communicate with you; that's how networked computers work: They communicate with each other. None of the 'hacks' or intrusions Engel created or sought out for himself have anything to do with Russia or Sochi, however; those 'hacks' he experienced could have happened in any Starbucks in the country, and do almost every day, Proctor wrote. That's why there is antivirus software for phones and laptops. It's why every expert, document, video, audio clip or even game that has anything at all to do with cybersecurity makes sure to mention you should never open attachments from spam email, or in email from people you don't know, and you should set up your browser to keep random web sites from downloading and installing anything they want on your computer. But keep up the fear-mongering."
Spam

The Spamming Refrigerator 90

Posted by timothy
from the silly-rabbit-spam-is-for-cans dept.
puddingebola writes "The 'Internet of Things' is as susceptible to malware and spam as the rest of the net. From the article, 'A fridge has been discovered sending out spam after a web attack managed to compromise smart gadgets...The spam attack took place between 23 December 2013 and 6 January this year, said Proofpoint in a statement. In total, it said, about 750,000 messages were sent as part of the junk mail campaign. The emails were routed through the compromised gadgets. About 25% of the messages seen by Proofpoint researchers did not pass through laptops, desktops or smartphones, it said.' Read Proofpoint's statement here."
Google

Bennett Haselton: Google+ To Gmail Controversy Missing the Point 244

Posted by samzenpus
from the read-all-about-it dept.
Bennett Haselton writes "Google created controversy by announcing that Google+ users will now be able to send email to Gmail users even without having those Gmail users' email addresses. I think this debate misses the point, because it's unlikely to create a deluge of unsolicited email to Gmail users, as long as Google can throttle outgoing messages from Google+ users and terminate abusive accounts. The real controversy should be over the fact that Google+ users can search a public database of the names of all Gmail users in the first place. And limiting the ability of Google+ users to write to those Gmail accounts, won't do anything to address that." Read below to see what Bennett has to say.
Games

Emmett Plant Talks About the Paper-Based RPG Game Business (Video) 64

Posted by Roblimo
from the paper-games-never-quite-went-away dept.
Emmett has a good rep as a video game music composer, and he's worked on a number of Star Trek-related projects, including the recently-released audio book, How to Speak Klingon: Essential Phrases for the Intergalactic Traveler. Emmett freely admits that he has no experience with RPG games. The closest he's come was running a major D&D meetup some years back. But he has experience and contacts developed from many years working online not only within the Star Trek community but (years ago) on Slashdot and as editor for Linux.com. And, he says, when he was a teenager he ran comic book stores. So is Emmett suited to run an RPG company? Possibly. He's actively looking for games to publish. Sales aren't going to start for six months or so, so there is no website for Arrakeen Tactical quite yet. Until there is one, you can contact Emmett about his game venture by emailing angelaATclockworkjetpack.com.
Google

Rap Genius Returns To Google Search Rankings 115

Posted by Soulskill
from the play-nice-with-the-internets dept.
theodp writes "After being punished by Google for manipulative SEO tactics, a contrite Rap Genius says it's back in Google's good graces. 'It takes a few days for things to return to normal, but we're officially back!' reads a post by the Rap Genius founders. 'First of all, we owe a big thanks to Google for being fair and transparent and allowing us back onto their results pages. We overstepped, and we deserved to get smacked.' Rap Genius credits some clever trackback scraping programming for its quick redemption, but a skeptic might suggest it probably didn't hurt that Rap Genius' biggest investor, Andreessen Horowitz, is tight with Google."
Spam

Convicted Spammer Jeffrey Kilbride Flees Prison 233

Posted by timothy
from the be-cautious-subject-is-considered-a-spammer dept.
An anonymous reader writes with this news from California: "According to the article, 'Officials at the Federal Bureau of Prisons say an inmate escaped from a minimum security area of the federal prison in Lompoc. Prison officials say Jeffrey Kilbride, 48, was discovered missing at around 1:30 p.m. on Friday....A search is reportedly underway. Prison officials say Kilbride was serving a 78-month sentence for conspiracy and fraud. He was due to be released on December 11, 2015.'" Here's why Kilbride was in prison.
Spam

Whatever Happened To Sanford "Spamford" Wallace? 45

Posted by Unknown Lamer
from the dj-master-spam dept.
Tackhead writes "People of a certain age, the age before email filters were effective, may remember a few mid-90s buzzwords like 'bulletproof hosting' and 'double opt-in.' People may remember that Hormel itself conceded that although 'SPAM' referred to their potted meat product, the term 'spam' could refer to unsolicited commercial email. People may also remember AGIS, Cyberpromo, Sanford 'Spam King' Wallace, and Walt Rines. Ten years after a 2003 retrospective on Rines and Wallace, Ars Technica reminds us that the more things change, the more they stay the same."
Security

Spamhaus Calls for Fining Operators of Insecure Servers 170

Posted by Unknown Lamer
from the banned-from-the-net dept.
Barence writes "Anti-spam outfit Spamhaus has called on the UK government to fine those who are running Internet infrastructure that could be exploited by criminals. Those who leave open Domain Name Server resolvers vulnerable to attack should be fined, if they have previously received a warning, said chief information officer of Spamhaus, Richard Cox. When Spamhaus was hit by a massive distributed DDoS, possibly the biggest ever recorded at more than 300Gbits/sec, open DNS resolvers were used to amplify the hit, which was aimed at one of the organization's upstream partners. 'Once they know it can be used for attacks and fraud, that should be an offense,' Cox said. 'You should be subject to something like a parking ticket... where the fine is greater than the cost of fixing it.'"
Security

Researchers Build Covert Acoustical Mesh Networks In Air 107

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes "Researchers at Fraunhofer FKIE, Germany have presented a paper on covert acoustical communications between laptop computers. In their paper 'On Covert Acoustical Mesh Networks in Air', they describe how acoustical communication can be used to secretly bridge air gaps between computers and connect computers and networks that are thought to be completely isolated from each other. By using ad-hoc routing protocols, they are able to build up a complete mesh network of infected computers that leaks data over multiple hops. A multi-hop acoustical keylogger is also presented where keystrokes are forwarded to an attacker over multiple hops between different office rooms. The fundamental part of the communication system is a piece of software that has originally been developed for acoustic underwater communications. The researchers also provide different countermeasures against malicious participation in a covert acoustical network. The limitations of air gaps have been discussed recently in the context of a highly advanced malware, although reports on this so-called badBIOS malware could not yet be confirmed."
Communications

Ask Slashdot: How Would You Stop a Debt Collection Scam From Targeting You? 497

Posted by timothy
from the have-you-considered-just-going-into-debt? dept.
An anonymous reader writes "I'm currently being targeted by an overseas debt collection scam. My landline rings every 10-15 minutes all day every day. I considered getting a blacklisting device to block the incoming calls, but the call center spoofs a different number on my caller ID each time, and it's gotten to the point where I've just unplugged the phones. I'm already on the Do Not Call Registry and have filed a complaint with the FTC. Aside from ditching my landline, changing my number, and/or blowing a whistle into the receiver anytime I actually pick up, are there any real solutions out there? Has anybody had luck with a blacklisting device?"
