An anonymous reader quotes ZDNet: A huge spambot ensnaring 711 million email accounts has been uncovered. A Paris-based security researcher, who goes by the pseudonymous handle Benkow, discovered an open and accessible web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, and email servers used to send spam. Those credentials are crucial for the spammer's large-scale malware operation to bypass spam filters by sending email through legitimate email servers.

The spambot, dubbed "Onliner," is used to deliver the Ursnif banking malware into inboxes all over the world. To date, it's resulted in more than 100,000 unique infections across the world, Benkow told ZDNet. Troy Hunt, who runs breach notification site Have I Been Pwned, said it was a "mind-boggling amount of data." Hunt, who analyzed the data and details his findings in a blog post, called it the "largest" batch of data to enter the breach notification site in its history... Those credentials, he explained, have been scraped and collated from other data breaches, such as the LinkedIn hack and the Badoo hack, as well also other unknown sources.
The data includes information on 80 million email servers, and it's all used to identify which recipients have Windows computers, so they can be targeted in follow-up emails delivering Windows-specific malware.

An anonymous reader writes:Researchers from Positive Technologies -- a provider of enterprise security solutions -- have found a way to disable the Intel Management Engine (ME), a much-hated component of Intel CPUs that many have called a secret backdoor, even if Intel advertised it as a "remote PC management" solution. People have been trying for years to find a way to disable the Intel ME component, but have failed all this time. This is because disabling Intel ME crashes computers, as Intel ME is responsible for the initialization, power management, and launch of the main Intel processor.

Positive Technologies experts revealed they discovered a hidden bit inside the firmware code, which when flipped (set to "1") will disable ME after ME has done its job and booted up the main processor. The bit is labelled "reserve_hap" and a nearby comment describes it as "High Assurance Platform (HAP) enable." High Assurance Platform (HAP) is an NSA program that describes a series of rules for running secure computing platforms. Researchers believe Intel has added the ME-disabling bit at the behest of the NSA, who needed a method of disabling ME as a security measure for computers running in highly sensitive environments.
The original submission linked to a comment with more resources on the "Intel CPU backdoor" controversy.

Cybersecurity expert and Berkman Klein fellow Bruce Schneier talked to the Gazette about what consumers can do to protect themselves from government and corporate surveillance. From the interview: GAZETTE: After whistleblower Edward Snowden's revelations concerning the National Security Agency's (NSA) mass surveillance operation in 2013, how much has the government landscape in this field changed?
SCHNEIER: Snowden's revelations made people aware of what was happening, but little changed as a result. The USA Freedom Act resulted in some minor changes in one particular government data-collection program. The NSA's data collection hasn't changed; the laws limiting what the NSA can do haven't changed; the technology that permits them to do it hasn't changed. It's pretty much the same.
GAZETTE: Should consumers be alarmed by this?
SCHNEIER: People should be alarmed, both as consumers and as citizens. But today, what we care about is very dependent on what is in the news at the moment, and right now surveillance is not in the news. It was not an issue in the 2016 election, and by and large isn't something that legislators are willing to make a stand on. Snowden told his story, Congress passed a new law in response, and people moved on.
GAZETTE: What about corporate surveillance? How pervasive is it?
SCHNEIER: Surveillance is the business model of the internet. Everyone is under constant surveillance by many companies, ranging from social networks like Facebook to cellphone providers. This data is collected, compiled, analyzed, and used to try to sell us stuff. Personalized advertising is how these companies make money, and is why so much of the internet is free to users. We're the product, not the customer.