Privacy

Supply Chain Attack Used Legitimate WordPress Add-Ons To Backdoor Sites (arstechnica.com) 16

An anonymous reader quotes a report from Ars Technica: Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on "quite a few" sites running the open source content management system. The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from Jetpack, the maker of security software owned by Automattic, provider of the WordPress.com hosting service and a major contributor to the development of WordPress. In all, Jetpack found that 40 AccessPress themes and 53 plugins were affected.

In a post published Thursday, Jetpack researcher Harald Eilertsen said timestamps and other evidence suggested the backdoors were introduced intentionally in a coordinated action after the themes and plugins were released. The affected software was available by download directly from the AccessPress Themes site. The same themes and plugins mirrored on WordPress.org, the official developer site for the WordPress project, remained clean. "Users who used software obtained directly from the AccessPress website unknowingly provided attackers with backdoor access, resulting in an unknown number of compromised websites," Ben Martin, a researcher with Web security firm Sucuri, wrote in a separate analysis of the backdoor.

The Jetpack post said evidence indicates that the supply chain attack on AccessPress Themes was performed in September. Martin, however, said evidence suggests the backdoor itself is much older than that. Some of the infected websites had spam payloads dating back nearly three years. He said his best guess is that the people behind the backdoor were selling access to infected sites to people pushing web spam and malware. He wrote, "[...] it seems that the malware that we've found associated with this backdoor is more of the same: spam, and redirects to malware and scam sites." The Jetpack post provides full names and versions of the infected AccessPress software. Anyone running a WordPress site with this company's offerings should carefully inspect their systems to ensure they're not running a backdoored instance. Site owners may also want to consider installing a website firewall, many of which would have prevented the backdoor from working.

Bug

'Year 2022' Bug Breaks Email Delivery For Microsoft Exchange On-Premise Servers (bleepingcomputer.com) 146

Kalper (Slashdot reader #57,281) shares news from Bleeping Computer: Microsoft Exchange on-premise servers cannot deliver email starting on January 1st, 2022, due to a "Year 2022" bug in the FIP-FS anti-malware scanning engine.

Starting with Exchange Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious email. According to numerous reports from Microsoft Exchange admins worldwide, a bug in the FIP-FS engine is blocking email delivery with on-premise servers starting at midnight on January 1st, 2022.

Security researcher and Exchange admin Joseph Roosen said that this is caused by Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647. However, dates in 2022 have a minimum value of 2,201,010,001 or larger, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery. When this bug is triggered, an 1106 error will appear in the Exchange Server's Event Log stating, "The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error" or "Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long." Microsoft will need to release an Exchange Server update that uses a larger variable to hold the date to officially fix this bug.

However, for on-premise Exchange Servers currently affected, admins have found that you can disable the FIP-FS scanning engine to allow email to start delivering again... Unfortunately, with this unofficial fix, delivered mail will no longer be scanned by Microsoft's scanning engine, leading to more malicious emails and spam getting through to users.

Spam

Virgin Media Fined $50K For Spamming Opted-Out Customers (theregister.com) 13

British telco Virgin Media is facing a 50,000 pound financial penalty after spamming more than 400,000 opted-out customers urging them to sign back up to receive marketing bumf. The Register reports: Just one customer complained to the Information Commissioner's Office (ICO) about receiving the spam -- but that was enough to spur the regulator into investigating. In a message disguised as a routine communication about tariff prices, Virgin told the unfortunate 451,217 recipients it knew full well they'd opted out of marketing emails but wanted them to opt back in. A dischuffed customer wrote to the ICO urging action, describing the spam as "basically a service message dressed up as an attempt to get me to opt back in to marketing communications." When the ICO asked Virgin why it did this thing, the telco said the 451,000 recipients had opted out of being spammed more than a year ago, and therefore "might have changed their marketing preferences."

Even though 6,500 customers decided to opt back into receiving marketing emails as a result of the mailshot, the ICO said this wasn't enough to ignore regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003. This is the bit of the law that says email marketers must have your consent before filling your mailbox with enticing new ways to part you from your hard-earned cash. "The fact that Virgin Media had the potential for financial gain from its breach of the regulation (by signing up more clients to direct marketing) is an aggravating factor, not a defense," sniffed the unamused watchdog.

Security

SolarWinds Hackers Have a Whole Bag of New Tricks For Mass Compromise Attacks (arstechnica.com) 43

An anonymous reader quotes a report from Ars Technica: Almost exactly a year ago, security researchers uncovered one of the worst data breaches in modern history, if not ever: a Kremlin-backed hacking campaign that compromised the servers of network management provider SolarWinds and, from there, the networks of 100 of its highest-profile customers, including nine US federal agencies. Nobelium -- the name Microsoft gave to the intruders -- was eventually expelled, but the group never gave up and arguably has only become more brazen and adept at hacking large numbers of targets in a single stroke. The latest reminder of the group's proficiency comes from security firm Mandiant, which on Monday published research detailing Nobelium's numerous feats -- and a few mistakes -- as it continued to breach the networks of some of its highest-value targets.

Mandiant's report shows that Nobelium's ingenuity hasn't wavered. Since last year, company researchers say the two hacking groups linked to the SolarWinds hack -- one called UNC3004 and the other UNC2652 -- have continued to devise new ways to compromise large numbers of targets in an efficient manner. Instead of poisoning the supply chain of SolarWinds, the groups compromised the networks of cloud solution providers and managed service providers, or CSPs, which are outsourced third-party companies that many large companies rely on for a wide range of IT services. The hackers then found clever ways to use those compromised providers to intrude upon their customers.
The advanced tradecraft didn't stop there. According to Mandiant, other advanced tactics and ingenuities included:
  • Use of credentials stolen by financially motivated hackers using malware such as Cryptbot, an information stealer that harvests system and web browser credentials and cryptocurrency wallets. The assistance from these hackers allowed UNC3004 and UNC2652 to compromise targets even when they didn't use a hacked service provider.
  • Once the hacker groups were inside a network, they compromised enterprise spam filters or other software with "application impersonation privileges," which have the ability to access email or other types of data from any other account in the compromised network. Hacking this single account saved the hassle of having to break into each account individually.
  • The abuse of legitimate residential proxy services or geo-located cloud providers such as Azure to connect to end targets. When admins of the hacked companies reviewed access logs, they saw connections coming from local ISPs with good reputations or cloud providers that were in the same geography as the companies. This helped disguise the intrusions, since nation-sponsored hackers frequently use dedicated IP addresses that arouse suspicions.
  • Clever ways to bypass security restrictions, such as extracting virtual machines to determine internal routing configurations of the networks they wanted to hack.
  • Gaining access to an active directory stored in a target's Azure account and using this all-powerful administration tool to steal cryptographic keys that would generate tokens that could bypass two-factor authentication protections. This technique gave the intruders what's known as a Golden SAML, which is akin to a skeleton key that unlocks every service that uses the Security Assertion Markup Language, which is the protocol that makes single sign-on, 2FA, and other security mechanisms work.
  • Use of a custom downloader dubbed Ceeloader.

Firefox

Firefox Relay Offers Unlimited Email Aliases as Part of its New Premium Plan (engadget.com) 55

Mozilla launched Firefox Relay as a free product that gives you five email aliases you can use every time you need to sign up for a random account online. From a report: Now, the organization has introduced a paid Premium tier for the service that will give you access to even more aliases. You'll get your own subdomain (yourdomain.mozmail.com) when you subscribe, and you'll be able to create an unlimited number of emails. The tier will also give you access to a summary dashboard with the emails you make, the option to use your aliases when you reply to messages and a 150 kb attachment allowance. After you sign up for Relay, you'll have to install its Firefox extension to be able to take advantage of its features. Every time you visit a website that asks for an email address, the Relay icon will appear on your browser, and you can click it to generate a random address. The service will forward messages you get using your aliases to your primary email account, and you can block all messages from coming in or even delete the alias when it starts getting spam. Mozilla didn't say how much a Premium subscription will cost in the future, but it's offering the tier at an introductory price of $1/EUR1 per month for a limited time.

Botnet

Emotet Botnet Returns After Law Enforcement Mass-Uninstall Operation (therecord.media) 6

An anonymous reader quotes a report from The Record: The Emotet malware botnet is back up and running once again almost ten months after an international law enforcement operation took down its command and control servers earlier this year in January. The comeback is surprising because after taking over Emotet's server infrastructure, law enforcement officials also orchestrated a mass-uninstall of the malware from all infected computers on April 25, effectively wiping out the entire botnet across the internet.

[O]ver the weekend, security researcher Luca Ebach said he spotted that another malware botnet named TrickBot was helping the Emotet gang get back on its feet by installing the Emotet malware on systems that had been previously infected with TrickBot. "We used to call this Operation ReachAround back when Emotet was dropped by Trickbot in the past," a spokesperson for Cryptolaemus, a group of security researchers who tracked Emotet in the past, told The Record today. [...]

Cryptolaemus said that right now, the Emotet gang is not sending out any new email spam but relying on the TrickBot gang to help them create an initial footprint of their new botnet incarnation before ramping up spam operations again. But if Emotet's comeback will succeed remains to be seen. It would be very hard for Emotet to reach its previous size any time in the coming months; however, the malware strain itself remains a very sophisticated and capable threat that shouldn't be ignored.

Government

FBI Website Exploit Leads To Spam-Blast 'From' FBI.gov (krebsonsecurity.com) 14

Long-time Slashdot reader davidwr brings news of "an exploit in the FBI's Law Enforcement Enterprise Portal web site that would let anyone send an email to any arbitrary recipient..."

Security researcher Brian Krebs reports: Late in the evening of November 12 ET, tens of thousands of emails began flooding out from the FBI address eims@ic.fbi.gov, warning about fake cyberattacks.

Around that time, KrebsOnSecurity received an email from the same email address. "Hi its pompompurin," read the message. "Check headers of this email it's actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks." A review of the email's message headers indicated it had indeed been sent by the FBI, and from the agency's own Internet address. The domain in the "from:" portion of the email I received — eims@ic.fbi.gov — corresponds to the FBI's Criminal Justice Information Services division (CJIS).

According to the Department of Justice... "CJIS systems are available to the criminal justice community, including law enforcement, jails, prosecutors, courts, as well as probation and pretrial services..."

In an interview with KrebsOnSecurity, Pompompurin said the hack was done to point out a glaring vulnerability in the FBI's system. "I could've 1000% used this to send more legit looking emails, trick companies into handing over data etc.," Pompompurin said.

Instead Pompompurin apparently sent emails with the subject line, "Urgent: Threat actor in systems," with the body (apparently from eims@ic.fbi.gov) warning that "Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack...." The email then blames the real-world founder of two dark web intelligence companies (apparently the subject of a long standing feud with Pompompurin's community), and ultimately closes with the words "Stay safe, U.S. Department of Homeland Security — Cyber Threat Detection and Analysis — Network Analysis Group."

The FBI issued a statement in response to the incident — saying "The impacted hardware was taken offline quickly upon discovery of the issue."

Youtube

YouTube is Removing the Dislike Count on All Videos Across its Platform (techcrunch.com) 148

YouTube today announced its decision to make the "dislike" count on videos private across its platform. The decision is likely to be controversial given the extent that it impacts the public's visibility into a video's reception. From a report: But YouTube believes the change will better protect its creators from harassment and reduce the threat of what it calls "dislike attacks" -- essentially, when a group teams up to drive up the number of dislikes a video receives. The company says that while dislike counts won't be visible to the public, it's not removing the dislike button itself. Users can still click the thumbs down button on videos to signal their dislike to creators privately. Meanwhile, creators will be able to track their dislikes in YouTube Studio alongside other analytics about their video's performance, if they choose. The change follows an experiment YouTube ran earlier this year whose goal was to determine if these sorts of changes would reduce dislike attacks and creator harassment. At the time, YouTube explained that public dislike counts can affect creators' well-being and may motivate targeted campaigns to add dislikes to videos. While that's true, dislikes can also serve as a signal to others when videos are clickbait, spam, or misleading, which can be useful.

Youtube

'A Mistake by YouTube Shows Its Power Over Media' (nytimes.com) 147

"Every hour, YouTube deletes nearly 2,000 channels," reports the New York Times. "The deletions are meant to keep out spam, misinformation, financial scams, nudity, hate speech and other material that it says violates its policies.

"But the rules are opaque and sometimes arbitrarily enforced," they write — and sometimes, YouTube does end up making mistakes. The gatekeeper role leads to criticism from multiple directions. Many on the right of the political spectrum in the United States and Europe claim that YouTube unfairly blocks them. Some civil society groups say YouTube should do more to stop the spread of illicit content and misinformation... Roughly 500 hours of video are uploaded to YouTube every minute globally in different languages. "It's impossible to get our minds around what it means to try and govern that kind of volume of content," said Evelyn Douek, senior research fellow at the Knight First Amendment Institute at Columbia University. "YouTube is a juggernaut, by some metrics as big or bigger than Facebook."

In its email on Tuesday morning, YouTube said Novara Media [a left-leaning London news group] was guilty of "repeated violations" of YouTube's community guidelines, without elaborating. Novara's staff was left guessing what had caused the problem. YouTube typically has a three-strikes policy before deleting a channel. It had penalized Novara only once before... Novara's last show released before the deletion was about sewage policy, which hardly seemed worthy of YouTube's attention. One of the organization's few previous interactions with YouTube was when the video service sent Novara a silver plaque for reaching 100,000 subscribers...

Staff members worried it had been a coordinated campaign by critics of their coverage to file complaints with YouTube, triggering its software to block their channel, a tactic sometimes used by right-wing groups to go after opponents.... An editor, Gary McQuiggin, filled out YouTube's online appeal form. He then tried using YouTube's online chat bot, speaking with a woman named "Rose," who said, "I know this is important," before the conversation crashed. Angry and frustrated, Novara posted a statement on Twitter and other social media services about the deletion. "We call on YouTube to immediately reinstate our account," it said. The post drew attention in the British press and from members of Parliament.

Within a few hours, Novara's channel had been restored. Later, YouTube said Novara had been mistakenly flagged as spam, without providing further detail.

"We work quickly to review all flagged content," YouTube said in a statement, "but with millions of hours of video uploaded on YouTube every day, on occasion we make the wrong call."

But Ed Procter, chief executive of the Independent Monitor for the Press, told the Times that it was at least the fifth time that a news outlet had material deleted by YouTube, Facebook or Twitter without warning.

Government

New FCC Rules Could Force Wireless Carriers To Block Spam Texts (engadget.com) 45

An anonymous reader quotes a report from Engadget: Under Acting Chairwoman Jessica Rosenworcel, the Federal Communications Commission is seeking to create new rules targeting spam text messages. Like another recent proposed rulemaking from the agency, the policy would push wireless carriers and telephone companies to block the spam before it ever gets to your phone.

"We've seen a rise in scammers trying to take advantage of our trust of text messages by sending bogus robotexts that try to trick consumers to share sensitive information or click on malicious links," Rosenworcel said. "It's time we take steps to confront this latest wave of fraud and identify how mobile carriers can block these automated messages before they have the opportunity to cause any harm."

Google

Google Warns 14,000 Gmail Users Targeted By Russian Hackers (bleepingcomputer.com) 13

Google has warned about 14,000 of its users about being targeted in a state-sponsored phishing campaign from APT28, a threat group that has been linked to Russia. BleepingComputer reports: Shane Huntley, who is at the helm of Google's Threat Analysis Group (TAG) that responds to government-backed hacking, notes that the higher-than-usual number of alerts this month comes "from a small number of widely targeted campaigns which were blocked." The campaign from APT28, also known as Fancy Bear, led to a larger number of warnings for Gmail users across various industries. In a statement sent by a Google spokesperson, Huntley says that Fancy Bear's phishing campaign accounts for 86% of all the batch warnings delivered this month. He explains that these notifications indicate targeting of the recipient, not a compromise of their Gmail account: "So why do we do these government warnings then? The warning really mostly tells people you are a potential target for the next attack so, now may be a good time to take some security actions."

Huntley says that these warnings are normal for individuals such as activists, journalists, government officials, or people that work in national security structures because that's who government-backed entities are targeting. All the phishing emails from the Fancy Bear campaign were blocked by Gmail and did not land in the users' inboxes as they were automatically classified as spam. "As we've previously explained, we intentionally send these notices in batches, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies," Huntley said.

Crime

Ukrainian Cops Cuff Two Over $150 Million Ransomware Gang Allegations, Seize $1.3 Million In Cryptocurrency (theregister.com) 8

Ukrainian police have reportedly arrested two members of a ransomware gang -- and while some have fingered REvil, no firm details have been published by cops from multiple countries. The Register reports: A round of speculation was triggered when inter-EU law enforcement body Europol declared this morning that Ukrainian fuzz had arrested "two prolific ransomware operators known for their extortionate demands," claimed to be up to [$81.3 million]. One of the two suspects arrested on September 28, according to the National Police of Ukraine, was a "hacker." The other allegedly "helped to withdraw money obtained by criminal means." $1.3m in cryptocurrency was said to have been frozen. A multinational police operation with input from France's National Gendarmerie and the US Federal Bureau of Investigation helped lead the Ukraine cops to their targets, with support from Europol and Interpol.

The 25-year-old suspect allegedly deployed "virus software," compromising remote-working software, with one attack vector being "through spam-mailings on corporate e-mail boxes of malicious content." "In total, the hacker attacked more than 100 foreign companies in North America and Europe," said the Ukrainian police, adding that they blamed the 25-year-old arrestee for causing $150m of damage to Western organizations. [...] Numerous people speculated on Twitter that the latest Ukrainian arrests were members of the REvil ransomware gang. This was based solely on Europol's claim that the two main accused had once issued an "extortionate" [$81.3 million] ransom demand, which has not been repeated by cops in Ukraine. REvil once issued a ransom demand for $70 million (against managed service provider Kaseya) but that is not the same sum...

Businesses

Cloudflare Is Taking a Shot at Email Security (wired.com) 46

Cloudflare, the internet infrastructure company, already has its fingers in a lot of customer security pots, from DDoS protection to browser isolation to a mobile VPN. Now the company is taking on a classic web foe: email. From a report: On Monday, Cloudflare is announcing a pair of email safety and security offerings that it views as a first step toward catching more targeted phishing attacks, reducing the effectiveness of address spoofing, and mitigating the fallout if a user does click a malicious link. The features, which the company will offer for free, are mainly geared toward small business and corporate customers. And they're made for use on top of any email hosting a customer already has, whether it's provided by Google's Gmail, Microsoft 365, Yahoo, or even relics like AOL. Cloudflare CEO Matthew Prince says that from its founding in 2009, the company very intentionally avoided going anywhere near the thorny problem of email. But he adds that email security issues are unrelenting, so it has become necessary.

"I think what I had assumed is that hosting providers like Google and Microsoft and Yahoo were going to solve this issue, so we weren't sure there was anything for us to do in the space," Prince says. "But what's become clear over the course of the last two years is that email security is still not a solved issue." Prince says that Cloudflare employees have been "astonished by how many targeted threats were getting through Google Workspace," the company's email provider. That's not for lack of progress by Google or the other big providers on anti-spam and anti-malware efforts, he adds. But with so many types of email threats to deal with at once, strategically crafted phishing messages still slip through. So Cloudflare decided to build additional defense tools that both the company itself as well as its customers could use.

Facebook

WhatsApp Moderators Can Read Your Messages (gizmodo.com) 87

Gizmodo highlights the findings of a new ProPublica report on WhatsApp's content moderation system. What they found was that there are at least 1,000 WhatsApp content moderators employed by Facebook's moderator contract firm Accenture to review user-reported content that's been flagged by its machine learning system. "They monitor for, among other things, spam, disinformation, hate speech, potential terrorist threats, child sexual abuse material (CSAM), blackmail, and 'sexually oriented businesses,'" reports Gizmodo. "Based on the content, moderators can ban the account, put the user 'on watch,' or leave it alone." From the report: Most can agree that violent imagery and CSAM should be monitored and reported; Facebook and Pornhub regularly generate media scandals for not moderating enough. But WhatsApp moderators told ProPublica that the app's artificial intelligence program sends moderators an inordinate number of harmless posts, like children in bathtubs. Once the flagged content reaches them, ProPublica reports that moderators can see the last five messages in a thread.

WhatsApp discloses, in its terms of service, that when an account is reported, it "receives the most recent messages" from the reported group or user as well as "information on your recent interactions with the reported user." This does not specify that such information, viewable by moderators, could include phone numbers, profile photos, linked Facebook and Instagram accounts, their IP address, and mobile phone ID. And, the report notes, WhatsApp does not disclose the fact that it amasses all users' metadata no matter their privacy settings.

WhatsApp didn't offer much clarity on what mechanism it uses to receive decrypted messages, only that the person tapping the "report" button is automatically generating a new message between themselves and WhatsApp. That seems to indicate that WhatsApp is deploying a sort of copy-paste function, but the details are still unclear. Facebook told Gizmodo that WhatsApp can read messages because they're considered a version of direct messaging between the company and the reporter. They added that users who report content make the conscious choice to share information with Facebook; by their logic, Facebook's collection of that material doesn't conflict with end-to-end encryption. So, yes, WhatsApp can see your messages without your consent.

Security

Gift Card Gang Extracts Cash From 100K Inboxes Daily (krebsonsecurity.com) 10

Cybercrime and computer security reporter Brian Krebs tells the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online. From the report: The data in this story come from a trusted source in the security industry who has visibility into a network of hacked machines that fraudsters in just about every corner of the Internet are using to anonymize their malicious Web traffic. For the past three years, the source -- we'll call him "Bill" to preserve his requested anonymity -- has been watching one group of threat actors that is mass-testing millions of usernames and passwords against the world's major email providers each day. Bill said he's not sure where the passwords are coming from, but he assumes they are tied to various databases for compromised websites that get posted to password cracking and hacking forums on a regular basis. Bill said this criminal group averages between five and ten million email authentication attempts daily, and comes away with anywhere from 50,000 to 100,000 of working inbox credentials.

In about half the cases the credentials are being checked via "IMAP," which is an email standard used by email software clients like Mozilla's Thunderbird and Microsoft Outlook. With his visibility into the proxy network, Bill can see whether or not an authentication attempt succeeds based on the network response from the email provider (e.g. mail server responds "OK" = successful access). You might think that whoever is behind such a sprawling crime machine would use their access to blast out spam, or conduct targeted phishing attacks against each victim's contacts. But based on interactions that Bill has had with several large email providers so far, this crime gang merely uses custom, automated scripts that periodically log in and search each inbox for digital items of value that can easily be resold. And they seem particularly focused on stealing gift card data.

"Sometimes they'll log in as much as two to three times a week for months at a time," Bill said. "These guys are looking for low-hanging fruit -- basically cash in your inbox. Whether it's related to hotel or airline rewards or just Amazon gift cards, after they successfully log in to the account their scripts start pilfering inboxes looking for things that could be of value." According to Bill, the fraudsters aren't downloading all of their victims' emails: That would quickly add up to a monstrous amount of data. Rather, they're using automated systems to log in to each inbox and search for a variety of domains and other terms related to companies that maintain loyalty and points programs, and/or issue gift cards and handle their fulfillment. Why go after hotel or airline rewards? Because these accounts can all be cleaned out and deposited onto a gift card number that can be resold quickly online for 80 percent of its value.

Games

Atari Classic 'Centipede' Returns (axios.com) 29

A new version of the classic Atari game "Centipede" will be released for consoles and PC in late September under the name "Centipede: Recharged" and sporting a more futuristic look. From a report: The game's lead developer, Adam Nickerson, first partnered with Atari for last year's "Missile Command: Recharged," which revamped another classic in a similar style. Nickerson tells Axios he first connected with Atari after discovering an email in his spam folder from an Atari official who liked his work. Atari showed him a list of franchises they had the rights to. He went with "Missile Command" first because he used to be obsessed with it.

Facebook

The Most Popular Posts On Facebook Are Plagiarized (theverge.com) 40

In Facebook's "widely viewed content report" released last week, The Verge's Casey Newton noticed something arguably just as damning as the spread of COVID-19 misinformation or rise of vaccine hesitancy: almost all of the most-viewed posts on Facebook over the past quarter were effectively plagiarized from elsewhere. From the report: Facebook's report details the top 20 most widely viewed posts on the network over the past three months. One of the posts was deleted before Facebook published it. Of the remaining 19, though, only four appear to have been original. The remaining 15 had been published in at least one other place first, and were then re-uploaded to Facebook, sometimes with small changes. [...] Facebook has long been home to reappropriated content, from the freebooting scandal during 2017's pivot to video to the more recent phenomenon of Instagram's Reels being flooded with videos bearing TikTok watermarks. But this kind of dumb, cheap growth hacking should sound familiar to anyone who paid even passing attention to the 2016 election. Russia's infamous Internet Research Agency commissioned a troll army to build up big followings on innocuous-seeming Facebook pages using a wide variety of engagement bait, then gradually shifted those pages to begin sharing more divisive political memes.

That's all much harder to do now, thanks to a variety of measures Facebook has taken to make it more difficult for people to disguise their identities or countries of origin. The company now routinely removes networks of pages where the creators' identities are suspect. And it's worth saying that in the most recent election, inauthentic behavior of the 2016 variety did not play a significant role. Most importantly, Facebook now has a policy against "abusive audience building" -- switching topics and repeatedly changing a page's name for the purpose of growing a following. But it seems notable that for domestic actors, the tactics not only work, but remain the most effective way to reach a large audience five years later. Steal some questions that went viral somewhere else, spam them on your page, and presto: you're one of the most-viewed links for the entire quarter on the world's biggest social network.
"The plagiarists who dominate Facebook's top 20 links are likely doing it primarily for clout and ill-gotten audience growth," Casey goes on to say. "But some of the other characters here appear to have more direct monetary incentives..."

Businesses

What Are Stores Even Thinking With All These Emails? 74

Your inbox is now a shopping mall. From a column: Email is one of the few ways companies can reach their customers directly. In fact, people overwhelmingly say that the way they want to hear from brands is by email, Chad S. White, the head of research for Oracle Marketing Consulting, told me. That's why the mailbox software started suppressing messages -- to protect people from companies' temptation to send too many emails. In response, email marketers obsess over "deliverability," or how the content and frequency of their emails might help those messages actually hit your inbox in the first place. But that process has created new and weird feedback loops, in which some companies and certain messages might be able to reach your inbox more readily than before, while others get junked -- condemned to spam, deleted, or the like -- before you see them.

As a result, your personal inbox gradually has become less like a mailbox and more like a wormhole into every business relationship you maintain: your bank; your utility provider; your supermarket; your favorite boutiques, restaurants, housewares providers, and all the rest. It's your own digital commercial district: Opening up email is akin to visiting a little mall in your browser or on your phone, where every shop is right next to every other. A few years ago, Gmail made that metaphor concrete by introducing the promotions folder, recasting spam as marketing. When you're in the mood to shop, just drop into promotions and see what's on offer (or search for a favorite brand to see the latest wares).

Google

Google is Finally Doing Something About Google Drive Spam (arstechnica.com) 15

You can now block people in Google Drive. From a report: A notification pops up on your phone: "Click here for hot XXX action!" It's Google Drive again. Someone shared a document containing that title, and now your phone is begging you to look at it. Even if you ban Google Drive from generating phone notifications, you'll still get emails. If you block the emails, you'll have to see the spam when you click on the "shared" section of Google Drive. The problem is that Drive document sharing was built with no spam-management tools. Anyone who gets a hold of your email is considered to be an important sharer of valid documents, and there has been nothing you can do about it -- until now.

Google officially acknowledged the problem back in 2019, and the company said it was making spam controls "a priority." Now, more than two years later, Google is finally rolling out the most basic of spam tools to Google Drive sharing -- you can block individual email addresses! The company announced this feature in May, but the tool is rolling out to users over the next 15 days. Soon, once the spam arrives in your Google Drive, you'll be able to click the menu button next to the item and choose "block user." Drive sharing works just like email spam. Anyone can share a drive file with you if they know your address. Documents that have been shared with you still automatically show up in your Drive collection without your consent. There's no way to turn off sharing, to limit sharing to approved users, or to limit it to existing contacts. It's a free-for-all.

Government

Fired Covid-19 Data Manager is Now Running for Congress (orlandoweekly.com) 214

Florida's fired Department of Health data manager Rebekah Jones lost access to her 400,000 followers on Twitter last month — which she'd been using to criticize Florida governor Ron DeSantis for downplaying the severity of the state's Covid-19 crisis. Then Jones announced she'd be running for Congress. "This also means, under Desantis' recently signed social media law, I get to fine Twitter $250K per day until my account is restored starting July 1."

Orlando Weekly reports: After a media frenzy, Jones deleted the post. She said she was attempting to point out Gov. Ron DeSantis's "hypocrisy" in writing a law that allowed political candidates to sue media companies that ban them, while still celebrating her Twitter suspension...

The bit became real when she filed to run as an Independent in Florida's 1st congressional district on June 25...

On her campaign website, she lists eight issues on her platform: protecting Florida's environmental systems, promoting government transparency, fighting for media accountability in disinformation, giving access to representatives, ensuring the district's veterans are taken care of, scrutinizing restrictive voting laws, funding science and research, and boosting support for all levels of education. Jones says there's still room for other issues on her platform, after she talks to more residents.

Jones' GoFundMe account ("DefendScience") now directs visitors to her official campaign site if they want to make campaign contributions. (And the GoFundMe page also notes that her campaign has been endorsed by 90-year-old Daniel Ellsberg, the famous whistleblower who in 1971 leaked the Pentagon Papers, a top-secret government study on the Vietnam War.)

But the last six weeks have been a wild ride for the data scientist:

Yesterday the official coronavirus coordinator for the White House reported that one in five of America's Covid-19 cases this week have come from Florida.

