An anonymous reader quotes a report from Ars Technica: Documents recently obtained by the conservative advocacy group Judicial Watch show that in December 2010, then-U.S. Secretary of State Hillary Clinton and her staff were having difficulty communicating with State Department officials by e-mail because spam filters were blocking their messages. To fix the problem, State Department IT turned the filters off -- potentially exposing State's employees to phishing attacks and other malicious e-mails. The mail problems prompted Clinton Chief of Staff Huma Abedin to suggest to Clinton (PDF), "We should talk about putting you on State e-mail or releasing your e-mail address to the department so you are not going to spam." Clinton replied, "Let's get [a] separate address or device but I don't want any risk of the personal [e-mail] being accessible." The mail filter system -- Trend Micro's ScanMail for Exchange 8 -- was apparently causing some messages from Clinton's private server (Clintonemail.com) to not be delivered (PDF). Some were "bounced;" others were accepted by the server but were quarantined and never delivered to the recipient. According to the e-mail thread published yesterday by Judicial Watch, State's IT team turned off both spam and antivirus filters on two "bridgehead" mail relay servers while waiting for a fix from Trend Micro. There was some doubt about whether Trend Micro would address the issue before State performed an upgrade to the latest version of the mail filtering software. A State Department contractor support tech confirmed that two filters needed to be shut off in order to temporarily fix the problem -- a measure that State's IT team took with some trepidation, because the filters had "blocked malicious content in the recent past." It's not clear from the thread that the issue was ever satisfactorily resolved, either with SMEX 8 or SMEX 10.
An anonymous reader writes: Somebody created a botnet of three million Twitter accounts in one single day, and Twitter staff didn't even flinch -- even if the huge 35.4 registrations/second should have caught the eye of any IT staffer. Another weird particularity is that the botnet was also synchronized to use Twitter usernames similar to Twitter IDs. Couple this with a gap of 168 million IDs before and after the botnet's creation, it appears that someone specifically reserved those IDs. The IDs were reserved in October 2013, but the botnet was registered in April 2014 (except 2 accounts registered in March 2014). It's like Twitter's registration process skipped 168 million IDs, and someone came back a few months later and used them. [Softpedia reports:] "The botnet can be found at @sfa_200xxxxxxx, where xxxxxxx is a number that increments from 0 000 000 to 2 999 999. All accounts have a similar structure. They have "name" instead of the Twitter profile handle, display the same registration date, and feature the text "some kinda description" in the profile bio field. Additionally, there are also two smaller botnets available as well. One can be found between @cas_2050000000 and @cas_2050099999. Sadbottrue says it was registered between March 3 and March 5, 2015. The second is between @wt_2050100000 and @wt_2050199999, and was registered between October 23 and November 22, 2014." Both have 100,000 accounts each. Theoretically, these types of botnets can be used for malware C&C servers, Twitter spam, or to sell fake Twitter followers. At 3 million bots, the botnet accounts for 1% of Twitter's monthly active users.
Xochil writes: Sanford Wallace gets a two-year prison term and $310K fine on charges of fraud and criminal contempt for sending over 27 million spam messages to Facebook users. Sanford Wallace has made a name for himself over the course of the last several years. In 1998, the "Spam King" announced he would put an end to spamming on his part, instead resorting to a new scheme in which ISPs would be paid to receive the mail. Flash forward to 2004, the Associated Press reported that a judge issued a temporary restraining order against Wallace for alleged spyware distribution. Last August, Wallace admitted to compromising around 500,000 Facebook accounts, using them to send over 27 million spam messages through Facebook's servers, between November 2008 and March 2009. While he could have been sentenced to as many as 16 years in prison, he was only sentenced to two-and-a-half years in prison and five years of supervised release. In addition, Wallace was ordered to pay about one cent for every message sent or about 60 cents per account compromised, totaling $310,628.55 in restitution. The phishing scam consisted of Wallace automating the process of signing into a Facebook user's account, retrieving a list of their friends and sending them each a message that encouraged them to log into a website. The website would trick users into divulging their Facebook username and password before directing them to an affiliate website that would pay him for the traffic.
An anonymous reader writes: Researchers have uncovered an underground market selling information of over 70,000 compromised servers. Russia-based Kaspersky Lab revealed that the online forum, named xDedic, seems to be operated by a Russian-speaking organisation and allows hackers to pay for undetectable access to a wide range of servers, including those owned by government, corporate and academic groups in more than 170 countries. Access to a compromised server can be bought for as little as $6. This kit comes with relevant tools to instruct on launching denial-of-service attacks and spam campaigns on the targeted network, as well as allowing criminals to illegally produce bitcoin and breach online systems, such as retail payment platforms.
An anonymous reader writes: A large number of websites have been infected with SEO spam thanks to a new zero-day in the WP Mobile Detector plugin that was installed on over 10,000 websites. The zero-day was used in real-world attacks since May 26, but only surfaced to light on May 29 when researchers notified the plugin's developer. Seeing that the developer was slow to react, security researchers informed Automattic, who had the plugin delisted from WordPress.org's Plugin Directory on May 31. In the meantime, security firm Sucuri says it detected numerous attacks with this zero-day, which was caused by a lack of input filtering in an image upload field that allowed attackers to upload PHP backdoors on the victim's servers with incredible ease and without any tricky workarounds. The backdoor's password is "dinamit," the Russian word for dynamite.
An anonymous reader writes from a report via BetaNews: The notification tray in Android serves a very specific purpose. There's a clue in the name -- and it's nothing to do with advertising. Android user Thom Holwerda was upset this week when Microsoft Office for Android started to spam him with ads for apps he already had installed. There are many questions here, one of which is why is Microsoft ignoring Google's guidelines and using the notification tray to display ads? Thom, from the website OSnews, found that the copy of Word he had installed on his Nexus 6P was spamming him with ads for Excel and Powerpoint -- which he was already using. Mark Wilson from BetaNews contacted Microsoft and they said, "Our team is actively investigating the occurrences of these notifications." After pressing further into the issue, a Microsoft spokesperson said, "Microsoft is deeply committed to ensuring that we maintain the best possible experience for our customers in addition to complying with all applicable policies. We have taken the action to turn off these notifications. This update will be reflected in the coming days." In other semi-related news, users can now remove the 260-character path length limit in the Windows 10 build 14352.
An anonymous reader writes: Dyson has launched a hair dryer with a design language similar to that of its bladeless fans. The $399 hair dryer is four years in the making, involving 103 engineers, over 1,000 miles of test hair, and a $71 million investment -- the Dyson Supersonic is being touted as "the hairdryer rethought" by its inventor Sir James Dyson. "We realized that hair dryers can cause extreme heat damage to hair," said Dyson in a press release. "So I challenged Dyson engineers to really understand the science of hair and develop our version of a hair dryer, which we think solves these problems." The hair dryer can be reserved online and will be sold exclusively at Sephora for $399 this fall.
Reader itwbennett writes: Petya appeared on researchers' radar last month when criminals distributed it to companies through spam emails that masqueraded as job applications. It stood out from other file-encrypting ransomware programs because it overwrites a hard drive's master boot record (MBR), leaving infected computers unable to boot into the operating system. Now, security experts have devised a method that, while not exactly straightforward, allows users to recover data from computers infected with the ransomware without paying money to cyber criminals. Folks over at BleepingComputer have confirmed that the aforementioned technique works.
An anonymous reader shares an article on Ars Technica: A botnet that enslaved about 4,000 Linux computers and caused them to blast the Internet with spam for more than a year has finally been shut down. Sophisticated Mumblehard spamming malware flew under the radar for five years. Known as Mumblehard, the botnet was the product of highly skilled developers. It used a custom "packer" to conceal the Perl-based source code that made it run, a backdoor that gave attackers persistent access, and a mail daemon that was able to send large volumes of spam. Command servers that coordinated the compromised machines' operations could also send messages to Spamhaus requesting the delisting of any Mumblehard-based IP addresses that sneaked into the real-time composite blocking list, or CBL, maintained by the anti-spam service. "There was a script automatically monitoring the CBL for the IP addresses of all the spam-bots," researchers from security firm Eset wrote in a blog post published Thursday. "If one was found to be blacklisted, this script requested the delisting of the IP address. Such requests are protected with a CAPTCHA to avoid automation, but OCR (or an external service if OCR didn't work) was used to break the protection."
An anonymous reader cites a report on VentureBeat: Microsoft today announced that Xamarin is now available for free for every Visual Studio user. This includes all editions of Visual Studio, including the free Visual Studio Community Edition, Visual Studio Professional, and Visual Studio Enterprise. Furthermore, Xamarin Studio for OS X is being made available for free as a community edition and Visual Studio Enterprise subscribers will get access to Xamarin's enterprise capabilities at no additional cost. The company also promised to open source Xamarin's SDK, including its runtime, libraries, and command line tools, as part of the .NET Foundation 'in the coming months.' Plenty of developers will find this announcement exciting. Xamarin being free is a big deal.
An anonymous reader writes: CloudFlare's co-founder Matthew Prince has publicly appealed to work with the Tor Project on implementing a solution that will stop the high incidence of Tor users being challenged by CAPTCHAs whilst browsing. Prince proposes the implementation of a Tor plugin that would communicate with CloudFlare servers to provide temporary, anonymous identification to bypass the CAPTCHAs, and has presented the code on GitHub. Other possibilities mooted include the adoption of higher-level encryption, which would be likely to adversely influence a network which already has native (and inevitable) latency issues. CloudFlare's public post on the matter comes after five turbulent weeks of comments-section debate between CloudFlare and Tor, and seems to be an appeal for public arbitration on the matter. Prince further noted that 94% of the traffic CloudFlare sees is "per se malicious." From his blog post: That doesn't mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network.
An anonymous reader shares a report on VentureBeat: Microsoft today is introducing the Bot Framework, a new tool in preview to help developers build their own chatbots for their applications. Using this, anyone can create a text program that they can chat with. A BotBuilder software-development kit (SDK) is available on GitHub under an open-source MIT license. These bots can be implemented into a variety of applications, including Slack or Telegram or even email. "Bots are like new applications," Microsoft chief executive Satya Nadella said. "And digital assistants are meta apps, or like the new browsers. And intelligence is infused into all of your interactions. That's the rich platform that we have." Microsoft will want to tread carefully.
At its developer conference, Build 2016, Microsoft announced on Wednesday that Windows 10, the latest version of its desktop operating system, which it released on July 29 last year, is now being used on over 270 million active computers worldwide. "Windows 10 is off to the fastest adoption of any release ever," said Terry Myerson, executive vice president for Microsoft's Windows and Devices Group. The company also announced that it will be releasing Windows 10 Anniversary Update this summer for all Windows 10 users free of charge.
Steven J. Vaughan-Nichols reports for ZDNet: According to sources at Canonical, Ubuntu Linux's parent company, and Microsoft, you'll soon be able to run Ubuntu on Windows 10. This will be more than just running the Bash shell on Windows 10. After all, thanks to programs such as Cygwin or MSYS utilities, hardcore Unix users have long been able to run the popular Bash command line interface (CLI) on Windows. With this new addition, Ubuntu users will be able to run Ubuntu simultaneously with Windows. This will not be in a virtual machine, but as an integrated part of Windows 10. [...] Microsoft and Canonical will not, however, sources say, be integrating Linux per se into Windows. Instead, Ubuntu will primarily run on a foundation of native Windows libraries. Update: 03/30 16:16 GMT by M : At its developer conference Build 2016, Microsoft on Wednesday confirmed that it is bringing native support for Bash on Windows 10. Scott Hanselman writes: This isn't Bash or Ubuntu running in a VM. This is a real native Bash Linux binary running on Windows itself. It's fast and lightweight and it's the real binaries. This is a genuine Ubuntu image on top of Windows with all the Linux tools I use like awk, sed, grep, vi, etc. It's fast and it's lightweight. The binaries are downloaded by you - using apt-get - just as on Linux, because it is Linux. You can apt-get and download other tools like Ruby, Redis, emacs, and on and on. This is brilliant for developers that use a diverse set of tools like me.
Reader Freshly Exhumed writes: Telemarketers in Canada and the USA have essentially been bypassing each nation's do-not-call registry by basing their efforts from the other or from off-shore locations, while cross border spam remains rampant. Now the CRTC, Canada's telecom and broadcast regulator, has announced it signed a partnership agreement with the Federal Trade Commission of the United States to fight against spam and calls from pesky telemarketers. The Memorandum of Understanding (MOU) consists of all unsolicited telecommunications, unsolicited commercial email (spam), and other "illegal electronic threats" that cover anti-spam laws in the United States and Canada.
itwbennett writes: Researchers from Palo Alto Networks warn that attackers are using Word documents with malicious macros and PowerShell to infect computers with fileless malware. The rogue PowerShell script performs a variety of checks on the computer aimed at finding systems that are used to conduct financial transactions and to avoid systems that belong to security researchers as well as medical and educational institutions. "Due to the target-specific details contained within the spam emails and the use of memory-resident malware, this particular campaign should be treated as a high threat," the Palo Alto researchers said in a blog post. A similar combination of PowerShell and fileless malware was observed last week by researchers from the SANS Institute's Internet Storm Center.
campuscodi writes: Google has confirmed with Search Engine Land that it is removing PageRank scores from the Google toolbar, which was the last place where someone could check their site's PageRank status. Many SEO experts are extremely happy at this point, since it seems that PageRank is responsible for all the SEO spam we see today.
MojoKid writes: A Denver-based security startup called ProtectWise has a rather interesting twist on a security as a service platform that also incorporates an innovative threat detection and management user interface. The ProtectWise security platform runs on a cloud-based infrastructure that currently utilizes Amazon AWS for storage and processing. ProtectWise is an all software solution comprised of a "Cloud Network DVR" platform made up of virtual cameras in the cloud that record all traffic on the network. The sensors (12MB install package) record all network traffic wherever they're installed and stream it up to the ProtectWise platform where it is securely stored and the threat analysis is performed. The sensors can be configured with profiles to capture just light metadata like netflow or headers (source, destination etc.) all the way to the full payload. You can then play back the traffic from the ProtectWise cloud analytics platform, going months back if needed, and analyze the data for threats. You can go back in time and see if, where and how you've been compromised retrospectively. There's also a ProtectWise HUD that visualizes and renders network threat location and progression, allowing you to make better use of all the data recorded. It has a 'KillBox' that visually shows attack event progression across the network area. The only question has to do with compliance for financial applications since it is cloud-based. Currently, ProtectWise has 100 or so deployments of its product in the market with customers like Netflix, Hulu, Expedia, Pandora and Universal Music.
An anonymous reader writes: British telco BT is launching a free landline service for UK customers which promises to divert millions of unwanted calls. A dedicated team at BT will monitor calls made to UK numbers, across its network of over 10 million domestic landlines, to identify suspicious patterns, which could help to filter out nuisance callers. The flagged numbers will then be directed to a junk voicemail box. The company has estimated that the voicemail 'net' will catch up to 25 million cold calls every week. It explained that to achieve this success rate, it would be deploying enormous amounts of compute power to monitor and analyse large amounts of data in real-time.
Trailrunner7 writes: Robocalls are among the more annoying modern inventions, and consumers and businesses have tried just about every strategy for defeating them over the years, with little success. But one man has come up with a bot of his own that sends robocallers into a maddening hall of mirrors designed to frustrate them into surrender. The bot is called the Jolly Roger Telephone Company, and it's the work of Roger Anderson, a veteran of the phone industry himself who had grown tired of the repeated harassment from telemarketers and robocallers. Anderson started out by building a system that sat in front of his home landlines and would tell human callers to press a key to ring through to his actual phone line; robocallers were routed directly to an answering system. He would then white-list the numbers of humans who got through. Sometimes the Jolly Roger bot will press buttons to be transferred to a human agent and other times it will just talk back if a human is on the other end of the line to begin with.