Security

Email Bombs Exploit Lax Authentication In Zendesk (krebsonsecurity.com) 11

Cybercriminals are exploiting weak email authentication settings in Zendesk, using the platform's customer support systems to bombard targets with thousands of spam and harassing messages that appear to come from legitimate companies like The Washington Post, Discord, and NordVPN. KrebsOnSecurity reports: Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues. Earlier this week, KrebsOnSecurity started receiving thousands of ticket creation notification messages through Zendesk in rapid succession, each bearing the name of different Zendesk customers, such as CapCom, CompTIA, Discord, GMAC, NordVPN, The Washington Post, and Tinder.

The abusive missives sent via Zendesk's platform can include any subject line chosen by the abusers. In my case, the messages variously warned about a supposed law enforcement investigation involving KrebsOnSecurity.com, or else contained personal insults. Moreover, the automated messages that are sent out from this type of abuse all come from customer domain names -- not from Zendesk. [...]

In all of the cases above, the messaging abuse would not have been possible if Zendesk customers validated support request email addresses prior to sending responses. Failing to do so may make it easier for Zendesk clients to handle customer support requests, but it also allows ne'er-do-wells to sully the sender's brand in service of disruptive and malicious email floods.
"We recognize that our systems were leveraged against you in a distributed, many-against-one manner," said Carolyn Camoens, communications director at Zendesk. "We are actively investigating additional preventive measures. We are also advising customers experiencing this type of activity to follow our general security best practices and configure an authenticated ticket creation workflow."
Privacy

Prosper Data Breach Impacts 17.6 Million Accounts (bleepingcomputer.com) 4

Hackers breached financial services firm Prosper, stealing the personal data of roughly 17.6 million people, including Social Security numbers, income details, and government IDs. "We have evidence that confidential, proprietary, and personal information, including Social Security Numbers, was obtained, including through unauthorized queries made on Company databases that store customer information and applicant data. We will be offering free credit monitoring as appropriate after we determine what data was affected," the company says. "The investigation is still in its very early stages, but resolving this incident is our top priority and we are committed to sharing additional information with our customers as appropriate." BleepingComputer reports: Prosper operates as a peer-to-peer lending marketplace that has helped over 2 million customers secure more than $30 billion in loans since its founding in 2005. As the company disclosed one month ago on a dedicated page, the breach was detected on September 2, but Prosper has yet to find evidence that the attackers gained access to customer accounts and funds.

However, the attackers stole data belonging to Prosper customers and loan applicants. The company hasn't shared what information was exposed beyond Social Security numbers because it's still investigating what data was affected. Prosper added that the security breach didn't impact its customer-facing operations and that it has reported the incident to relevant authorities and is collaborating with law enforcement to investigate the attack. [...] The stolen information also includes customers' names, government-issued IDs, employment status, credit status, income levels, dates of birth, physical addresses, IP addresses, and browser user agent details.
Have I Been Pwned revealed the extent of the incident on Thursday.
Data Storage

12 Years of HDD Analysis Brings Insight To the Bathtub Curve's Reliability (arstechnica.com) 23

Backblaze has been tracking hard disk drive failures in its datacenter since 2013. The backup and cloud storage company's latest analysis of approximately 317,230 drives shows that peak failure rates have dropped dramatically and shifted much later in a drive's lifespan. Where the company once saw failure rates of 13.73% at around three years in 2013 and 14.24% at seven years and nine months in 2021, the current data shows a peak of just 4.25% at 10 years and three months.

This represents the first time the company has observed the highest failure rate occurring at the far end of the drive curve rather than earlier in its operational life, it said. The drives maintained relatively consistent failure rates through most of their use before spiking sharply near the end. The improvement amounts to roughly one-third of the previous peak failure rates.
Security

F5 Says Hackers Stole Undisclosed BIG-IP Flaws, Source Code (bleepingcomputer.com) 16

An anonymous reader quotes a report from BleepingComputer: U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. The company states that it first became aware of the breach on August 9, 2025, with its investigations revealing that the attackers had gained long-term access to its system, including the company's BIG-IP product development environment and engineering knowledge management platform.

F5 is a Fortune 500 tech giant specializing in cybersecurity, cloud management, and application delivery networking (ADN) applications. The company has 23,000 customers in 170 countries, and 48 of the Fortune 50 entities use its products. BIG-IP is the firm's flagship product used for application delivery and traffic management by many large enterprises worldwide. [...]

F5 is still reviewing which customers had their configuration or implementation details stolen and will contact them with guidance. To help customers secure their F5 environments against risks stemming from the breach, the company released updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients. Despite any evidence "of undisclosed critical or remote code execution vulnerabilities," the company urges customers to prioritize installing the new BIG-IP software updates.

Security

Secure Boot Bypass Risk Threatens Nearly 200,000 Linux Framework Laptops (bleepingcomputer.com) 63

Roughly 200,000 Linux-based Framework laptops shipped with a signed UEFI shell command (mm) that can be abused to bypass Secure Boot protections -- allowing attackers to load persistent bootkits like BlackLotus or HybridPetya. Framework has begun patching affected models, though some fixes and DBX updates are still pending. BleepingComputer reports: According to firmware security company Eclypsium, the problem stems from including a 'memory modify' (mm) command in legitimately signed UEFI shells that Framework shipped with its systems. The command provides direct read/write access to system memory and is intended for low-level diagnostics and firmware debugging. However, it can also be leveraged to break the Secure Boot trust chain by targeting the gSecurity2 variable, a critical component in the process of verifying the signatures of UEFI modules.

The mm command can be abused to overwrite gSecurity2 with NULL, effectively disabling signature verification. "This command writes zeros to the memory location containing the security handler pointer, effectively disabling signature verification for all subsequent module loads." The researchers also note that the attack can be automated via startup scripts to persist across reboots.

AI

Are AI Agents Compromised By Design? 38

Longtime Slashdot reader Gadi Evron writes: Bruce Schneier and Barath Raghavan say agentic AI is already broken at the core. In their IEEE Security & Privacy essay, they argue that AI agents run on untrusted data, use unverified tools, and make decisions in hostile environments. Every part of the OODA loop (observe, orient, decide, act) is open to attack. Prompt injection, data poisoning, and tool misuse corrupt the system from the inside. The model's strength, treating all input as equal, also makes it exploitable. They call this the AI security trilemma: fast, smart, or secure. Pick two. Integrity isn't a feature you bolt on later. It has to be built in from the start. "Computer security has evolved over the decades," the authors wrote. "We addressed availability despite failures through replication and decentralization. We addressed confidentiality despite breaches using authenticated encryption. Now we need to address integrity despite corruption."

"Trustworthy AI agents require integrity because we can't build reliable systems on unreliable foundations. The question isn't whether we can add integrity to AI but whether the architecture permits integrity at all."
Microsoft

Beijing Issues Documents Without Word Format Amid US Tensions (scmp.com) 146

An anonymous reader shares a report: China's expansion of its rare earth export controls appeared to mark another escalation in the US-China trade war last week. But the announcements were also significant in another way: unusually, the documents could not be opened using American word processing software.

For the first time, China's Ministry of Commerce issued a slew of documents that could be directly accessed only through WPS Office -- China's answer to Microsoft Office -- as Beijing continues its tech self-reliance drive. Developed by the Beijing-based software company Kingsoft, WPS Office uses a different coding structure to Microsoft Office, meaning WPS text files cannot be opened directly in Word without conversion. Previously, the ministry primarily released text documents in Microsoft Word format.

Privacy

ShinyHunters Leak Alleged Data From Qantas, Vietnam Airlines and Other Major Firms (hackread.com) 14

schwit1 shares a report from Hackread: On October 3, 2025, Hackread.com published an in-depth report in which hackers claimed to have stolen 989 million records from 39 major companies worldwide by exploiting a Salesforce vulnerability. The group demanded that Salesforce and the affected firms enter negotiations before October 10, 2025, warning that if their demands were ignored, they would release the entire dataset. The hackers, identifying themselves as "Scattered Lapsus$ Hunters," a collective said to combine elements of Scattered Spider, Lapsus$, and ShinyHunters, have now published data allegedly belonging to 6 of the 39 targeted companies.

The companies named in the leak are as follows: Fujifilm, GAP, INC., Vietnam Airlines, Engie Resources, Quantas Airways Limited, and Albertsons Companies, Inc. In all 6 leaks, the record contains personal details of customers, business, including email addresses, full names, addresses, passport numbers, phone numbers.
The hackers said on Telegram that they will not be releasing any additional information, stating, "A lot of people are asking what else will be leaked. Nothing else will be leaked. Everything that was leaked was leaked, we have nothing else to leak, and obviously, the things we have cannot be leaked for obvious reasons."
Android

Android 'Pixnapping' Attack Can Capture App Data Like 2FA Codes (theregister.com) 17

An anonymous reader quotes a report from The Register: Security researchers have resurrected a 12-year-old data-stealing attack on web browsers to pilfer sensitive info from Android devices. The attack, dubbed Pixnapping, has yet to be mitigated. Conceptually, it's the equivalent of a malicious Android app being able to screenshot other apps or websites. It allows a malicious Android application to access and leak information displayed in other Android apps or on websites. It can, for example, steal data displayed in apps like Google Maps, Signal, and Venmo, as well as from websites like Gmail (mail.google.com). It can even steal 2FA codes from Google Authenticator.

"First, the malicious app opens the target app (e.g., Google Authenticator), submitting its pixels for rendering," explained [Alan Wang, a PhD candidate at UC Berkeley]. "Second, the malicious app picks the coordinates of a target pixel whose color it wants to steal. Suppose for example it wants to steal a pixel that is part of the screen region where a 2FA character is known to be rendered by Google Authenticator, and that this pixel is either white (if nothing was rendered there) or non-white (if part of a 2FA digit was rendered there). Third, the malicious app causes some graphical operations whose rendering time is long if the target pixel is non-white and short if it is white. The malicious app does this by opening some malicious activities (i.e., windows) in front of the target app. Finally, the malicious app measures the rendering time per frame of the above graphical operations to determine whether the target pixel was white or non-white. These last few steps are repeated for as many pixels as needed to run OCR over the recovered pixels and guess the original content."

The researchers have demonstrated Pixnapping on five devices running Android versions 13 to 16 (up until build id BP3A.250905.014): Google Pixel 6, Google Pixel 7, Google Pixel 8, Google Pixel 9, and Samsung Galaxy S25. Android 16 is the latest operating system version. Other Android devices have not been tested, but the mechanism that allows the attack to work is typically available. A malicious Android app implementing Pixnapping would not require any special permissions in its manifest file, the authors say.
The researchers detail the attack in a paper (PDF) titled "Pixnapping: Bringing Pixel Stealing out of the Stone Age."
Businesses

Toxic Workplaces Are Worsening: 80% of U.S. Workers Say Their Job Hurts Mental Health (fastcompany.com) 187

Slashdot reader joshuark shared this report from Fast Company: According to Monster's newly released 2025 Mental Health in the Workplace survey of 1,100 workers, 80% of respondents described their workplace environment as toxic. The alarming statistic is an increase from 67% just a year ago.

The challenging environment has major implications. An astonishing 71% of workers say their mental health is poor (40%) or fair (31%), while only 29% rank it positively: 20% said it was good and 9% described it as great. Workers say that a toxic workplace culture is the top cause of their poor mental health (59%), followed closely by having a bad manager (54%)...

Mental health is incredibly important to employees. The majority (63%) care more about it than having a "brag-worthy" job. Likewise, many would pass on a promotion (43%) or opt out of a raise (33%) if it was better for their mental health... The vast majority (93%) say their employer isn't focused on supporting employee mental health — a statistic that rose drastically since just a year ago, with 78% claiming the same.

"According to the survey, more than half of workers (57%) say they'd rather quit their job than continue working in an environment they feel is toxic and overall, causing major strains to their mental wellbeing..."
AI

AI Slop? Not This Time. AI Tools Found 50 Real Bugs In cURL (theregister.com) 92

The Register reports: Over the past two years, the open source curl project has been flooded with bogus bug reports generated by AI models. The deluge prompted project maintainer Daniel Stenberg to publish several blog posts about the issue in an effort to convince bug bounty hunters to show some restraint and not waste contributors' time with invalid issues. Shoddy AI-generated bug reports have been a problem not just for curl, but also for the Python community, Open Collective, and the Mesa Project.

It turns out the problem is people rather than technology. Last month, the curl project received dozens of potential issues from Joshua Rogers, a security researcher based in Poland. Rogers identified assorted bugs and vulnerabilities with the help of various AI scanning tools. And his reports were not only valid but appreciated. Stenberg in a Mastodon post last month remarked, "Actually truly awesome findings." In his mailing list update last week, Stenberg said, "most of them were tiny mistakes and nits in ordinary static code analyzer style, but they were still mistakes that we are better off having addressed. Several of the found issues were quite impressive findings...."

Stenberg told The Register that about 50 bugfixes based on Rogers' reports have been merged. "In my view, this list of issues achieved with the help of AI tooling shows that AI can be used for good," he said in an email. "Powerful tools in the hand of a clever human is certainly a good combination. It always was...!" Rogers wrote up a summary of the AI vulnerability scanning tools he tested. He concluded that these tools — Almanax, Corgea, ZeroPath, Gecko, and Amplify — are capable of finding real vulnerabilities in complex code.

The Register's conclusion? AI tools "when applied with human intelligence by someone with meaningful domain experience, can be quite helpful."

jantangring (Slashdot reader #79,804) has published an article on Stenberg's new position, including recently published comments from Stenberg that "It really looks like these new tools are finding problems that none of the old, established tools detect."
Encryption

Cryptologist DJB Alleges NSA is Pushing an End to Backup Algorithms for Post-Quantum Cryptography (cr.yp.to) 38

Cryptologist/CS professor Daniel J. Bernstein is alleging that America's National Security Agency is attempting to influence NIST post-quantum cryptography standards.

Bernstein first emphasizes that it's normal for post-quantum cryptography (or "PQ") to be part of "hybrid" security that also includes traditional pre-quantum cryptography. (Bernstein says this is important because since 2016, "We've seen many breaks of post-quantum proposals...")

"The problem in a nutshell. Surveillance agency NSA and its [UK counterpart] GCHQ are trying to have standards-development organizations endorse weakening [pre-quantum] ECC+PQ down to just PQ." Part of this is that NSA and GCHQ have been endlessly repeating arguments that this weakening is a good thing... I'm instead looking at how easy it is for NSA to simply spend money to corrupt the standardization process.... The massive U.S. military budget now publicly requires cryptographic "components" to have NSA approval... In June 2024, NSA's William Layton wrote that "we do not anticipate supporting hybrid in national security systems"...

[Later a Cisco employee wrote of selling non-hybrid cryptography to a significant customer, "that's what they're willing to buy. Hence, Cisco will implement it".]

What do you do with your control over the U.S. military budget? That's another opportunity to "shape the worldwide commercial cryptography marketplace". You can tell people that you won't authorize purchasing double encryption. You can even follow through on having the military publicly purchase single encryption. Meanwhile you quietly spend a negligible amount of money on an independent encryption layer to protect the data that you care about, so you're actually using double encryption.

This seems to be a speculative scenario. But Bernstein is also concerned about how the Internet Engineering Task Force handled two drafts specifying post-quantum encryption mechanisms for TLS ("the security layer inside HTTPS and inside various other protocols"). For a draft suggesting "non-hybrid" encryption, there were 20 statements of support (plus 2 more only conditionally supporting it), but 7 more statements unequivocally opposing adoption, including one from Bernstein. The IETF has at times said they aim for "rough consensus" — or for "broad consensus" — but Bernstein insists 7 opposers in a field of 29 (24.13%) can't be said to match the legal definition of consensus (which is "general agreement"). "I've filed a formal complaint regarding the claim of consensus to adopt."

He's also written a second blog post analyzing the IETF's decision-making process in detail. "It's already bad that the IETF TLS working group adopted non-hybrid post-quantum encryption without official answers to the objections that were raised. It's much worse if the objections can't be raised in the first place."

Thanks to alanw (Slashdot reader #1,822) for spotting the blog posts.
Botnet

DDoS Botnet Aisuru Blankets US ISPs In Record DDoS (krebsonsecurity.com) 14

An anonymous reader quotes a report from KrebsOnSecurity: The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.

Since its debut more than a year ago, the Aisuru botnet has steadily outcompeted virtually all other IoT-based botnets in the wild, with recent attacks siphoning Internet bandwidth from an estimated 300,000 compromised hosts worldwide. The hacked systems that get subsumed into the botnet are mostly consumer-grade routers, security cameras, digital video recorders and other devices operating with insecure and outdated firmware, and/or factory-default settings. Aisuru's owners are continuously scanning the Internet for these vulnerable devices and enslaving them for use in distributed denial-of-service (DDoS) attacks that can overwhelm targeted servers with crippling amounts of junk traffic.

As Aisuru's size has mushroomed, so has its punch. In May 2025, KrebsOnSecurity was hit with a near-record 6.35 terabits per second (Tbps) attack from Aisuru, which was then the largest assault that Google's DDoS protection service Project Shield had ever mitigated. Days later, Aisuru shattered that record with a data blast in excess of 11 Tbps. By late September, Aisuru was publicly flexing DDoS capabilities topping 22 Tbps. Then on October 6, its operators heaved a whopping 29.6 terabits of junk data packets each second at a targeted host. Hardly anyone noticed because it appears to have been a brief test or demonstration of Aisuru's capabilities: The traffic flood lasted less only a few seconds and was pointed at an Internet server that was specifically designed to measure large-scale DDoS attacks.

Aisuru's overlords aren't just showing off. Their botnet is being blamed for a series of increasingly massive and disruptive attacks. Although recent assaults from Aisuru have targeted mostly ISPs that serve online gaming communities like Minecraft, those digital sieges often result in widespread collateral Internet disruption. For the past several weeks, ISPs hosting some of the Internet's top gaming destinations have been hit with a relentless volley of gargantuan attacks that experts say are well beyond the DDoS mitigation capabilities of most organizations connected to the Internet today.

Security

SonicWall Breach Exposes All Cloud Backup Customers' Firewall Configs (csoonline.com) 14

An anonymous reader quotes a report from CSO Online: On Sept. 17, security vendor SonicWall announced that cybercriminals had stolen backup files configured for cloud backup. At the time, the company claimed the incident was limited to "less than five percent" of its customers. Now, the firewall provider has admitted that "all customers" using the MySonicWall cloud backup feature were affected. According to the company, the stolen files contain encrypted credentials and configuration data. "[W]hile encryption remains in place, possession of these files could increase the risk of targeted attacks," SonicWall warns in its press release.

Security specialist Arctic Wolf also warns of the consequences of the incident. "Firewall configuration files store sensitive information that can be leveraged by threat actors to exploit and gain access to an organization's network," explains Stefan Hostetler, threat intelligence researcher at Arctic Wolf. "These files can provide threat actors with critical information such as user, group, and domain settings, DNS and log settings, and certificates," he adds. Arctic Wolf has previously observed threat actors, including nation-state and ransomware groups, exfiltrating firewall configuration files to use for future attacks.
SonicWall urges all customers and partners to regularly check their devices for updates. Admins can find additional information here.
IT

The People Rescuing Forgotten Knowledge Trapped On Old Floppy Disks (bbc.com) 57

smooth wombat writes: At one point in technology history, floppy disks reigned supreme. Files, pictures, games, everything was put on a floppy disk. But technology doesn't stand still and as time went on disks were replaced by CDs, DVDs, thumb drives, and now cloud storage. Despite these changes, floppy disks are still found in long forgotten corners of businesses or stuffed in boxs in the attic. What is on these disks is anyone's guess, but Cambridge University Library is racing against time to preserve the data. However, lack of hardware and software to read the disks, if they're readable at all, poses unique challenges.

Some of the world's most treasured documents can be found deep in the archives of Cambridge University Library. There are letters from Sir Isaac Newton, notebooks belonging to Charles Darwin, rare Islamic texts and the Nash Papyrus -- fragments of a sheet from 200BC containing the Ten Commandments written in Hebrew.

These rare, and often unique, manuscripts are safely stored in climate-controlled environments while staff tenderly care for them to prevent the delicate pages from crumbling and ink from flaking away.

But when the library received 113 boxes of papers and mementoes from the office of physicist Stephen Hawking, it found itself with an unusual challenge. Tucked alongside the letters, photographs and thousands of pages relating to Hawking's work on theoretical physics, were items now not commonly seen in modern offices -- floppy disks.

They were the result of Hawking's early adoption of the personal computer, which he was able to use despite having a form of motor neurone disease known as amyotrophic lateral sclerosis, thanks to modifications and software. Locked inside these disks could be all kinds of forgotten information or previously unknown insights into the scientists' life. The archivists' minds boggled.

These disks are now part of a project at Cambridge University Library to rescue hidden knowledge trapped on floppy disks. The Future Nostalgia project reflects a larger trend in the information flooding into archives and libraries around the world.

Chrome

Chrome Will Automatically Disable Web Notifications You Don't Care About (theverge.com) 13

Google is introducing a new Chrome browser feature for Android and desktop users that automatically turns off notifications for websites that you're already ignoring. From a report: Chrome's Safety Check feature already provides similar functionality for camera access and location tracking permissions.

This new auto-revocation feature builds on a similar Android feature that already makes it easier for Chrome users to unsubscribe from website notifications they don't care about with a single tap. The feature doesn't revoke notifications for any web apps installed on the device, and permissions will only be disabled for sites that send a lot of notifications that users rarely engage with. Less than one percent of all web notifications in Chrome currently receive any interaction from users, according to Google, often making them more distracting than helpful.

Security

Apple Doubles Its Biggest Bug Bounty Reward To $2 Million (engadget.com) 13

Apple is updating its Security Bounty program this November to offer some of the highest rewards in the industry. From a report: It has doubled its top award from $1 million to $2 million for the discovery of "exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks" and which requires no user interaction. But the maximum possible payout can exceed $5 million dollars for the discovery of more critical vulnerabilities, such as bugs in beta software and Lockdown Mode bypasses. Lockdown Mode is an upgraded security architecture in the Safari browser.

In addition, the company is rewarding the discovery of exploit chains with one-click user interaction with up to $1 million instead of just $250,000. The reward for attacks requiring physical proximity to devices can now also go up to $1 million, up from $250,000, while the maximum reward for attacks requiring physical access to locked devices has been doubled to $500,000. Finally, researchers "who demonstrate chaining WebContent code execution with a sandbox escape can receive up to $300,000."

IT

Poland Says Cyberattacks on Critical Infrastructure Rising, Blames Russia (reuters.com) 26

An anonymous reader shares a report: Poland's critical infrastructure has been subject to a growing number of cyberattacks by Russia, whose military intelligence, has trebled its resources for such action against Poland this year, the country's digital affairs minister told Reuters. Of the 170,000 cyber incidents that have been identified in the first three quarters of this year, a significant portion has been attributed to Russian actors, while other cases are financially motivated, involving theft or other forms of cybercrime, Krzysztof Gawkowski said.

He said Poland is a subject to between 2,000 and 4,000 incidents a day and that 700 to 1,000 are "taken up by us, meaning they posed a real threat or had the potential to cause serious problems," he said. Foreign adversaries are now expanding their focus beyond water and sewage systems to the energy sector, he said.

Windows

Windows Product Activation Creator Reveals Truth Behind XP's Most Notorious Product Key (tomshardware.com) 34

Dave W. Plummer, the Microsoft developer who created Task Manager and helped build Windows Product Activation, has revealed the origins of Windows XP's most notorious product key. The alphanumeric string FCKGW-RHQQ2-YXRKT-8TG6W-2B7Q8 was not cracked through clever hacking but leaked as a legitimate volume licensing key five weeks before XP's October 2001 release.

A warez group distributed the key alongside special corporate installation media. Windows Product Activation generated hardware IDs from system components and sent them to Microsoft for validation. The leaked volume licensing key bypassed this entirely. The system recognized it as corporate licensing and skipped phone-home activation. Users could install XP without activation prompts or 30-day timers. Microsoft later blacklisted the key.
EU

One-Man Spam Campaign Ravages EU 'Chat Control' Bill (politico.eu) 54

An anonymous reader shares a report: A website set up by an unknown Dane over the course of one weekend in August is giving a massive headache to those trying to pass a European bill aimed at stopping child sexual abuse material from spreading online.

The website, called Fight Chat Control, was set up by Joachim, a 30-year-old software engineer living in Aalborg, Denmark. He made it after learning of a new attempt to approve a European Union proposal to fight child sexual abuse material (CSAM) -- a bill seen by privacy activists as breaking encryption and leading to mass surveillance.

The site lets visitors compile a mass email warning about the bill and send it to national government officials, members of the European Parliament and others with ease. Since launching, it has broken the inboxes of MEPs and caused a stir in Brussels' corridors of power. "We are getting hundreds per day about it," said Evin Incir, a Swedish Socialists and Democrats MEP, of the email deluge.

Slashdot Top Deals