Spam

Profanity-Laced Academic Paper Exposes Scam Journal 134

Posted by Soulskill
from the start-building-your-resume dept.
Frosty P writes: A scientific paper titled "Get Me Off Your F****** Mailing List" was actually accepted by the International Journal of Advanced Computer Technology. As reported at Vox and other web sites, the journal, despite its distinguished name, is a predatory open-access journal. These sorts of low-quality journals spam thousands of scientists, offering to publish their work for a fee. In 2005, computer scientists David Mazières and Eddie Kohler created this highly profane ten-page paper as a joke, to send in replying to unwanted conference invitations. It literally just contains that seven-word phrase over and over, along with a nice flow chart and scatter-plot graph. More recently, computer scientist Peter Vamplew sent it to the IJACT in response to spam from the journal, and the paper was automatically accepted with an anonymous reviewer rating it as "excellent," and requested a fee of $150. Over the years, the number of these predatory journals has exploded. Jeffrey Beall, a librarian at the University of Colorado, keeps an up-to-date list of them to help researchers avoid being taken in; it currently has 550 publishers and journals on it.
Botnet

Android Botnet Evolves, Could Pose Threat To Corporate Networks 54

Posted by samzenpus
from the protect-ya-neck dept.
angry tapir writes An Android Trojan program that's behind one of the longest running multipurpose mobile botnets has been updated to become stealthier and more resilient. The botnet is mainly used for instant message spam and rogue ticket purchases, but it could be used to launch targeted attacks against corporate networks because the malware allows attackers to use the infected devices as proxies, according to security researchers.
Businesses

The New-ish Technologies That Will Alter Your Career 66

Posted by samzenpus
from the job-of-the-future dept.
Nerval's Lobster writes Over at Dice, there's a discussion of the technologies that could actually alter how you work (and what you work on) over the next few years, including 3D printing, embedded systems, and evolving Web APIs. Granted, predicting the future with any accuracy is a nigh-impossible feat, and a lot of nascent technologies come with an accompanying amount of hype. But given how these listed technologies have actually been around in one form or another for years, and don't seem to be fading away, it seems likely that they'll prove an increasing factor in how we live and work over the next decade and beyond. For those who have no interest in mastering aspects of the so-called "Internet of Things," or other tech on this list, never fear: if the past two decades have taught us anything, it's that lots of old hardware and software never truly goes away, either (hi, mainframes!).
Math

Big Talk About Small Samples 245

Posted by samzenpus
from the read-all-about-it dept.
Bennett Haselton writes: My last article garnered some objections from readers saying that the sample sizes were too small to draw meaningful conclusions. (36 out of 47 survey-takers, or 77%, said that a picture of a black woman breast-feeding was inappropriate; while in a different group, 38 out of 54 survey-takers, or 70%, said that a picture of a white woman breast-feeding was inappropriate in the same context.) My conclusion was that, even on the basis of a relatively small sample, the evidence was strongly against a "huge" gap in the rates at which the surveyed population would consider the two pictures to be inappropriate. I stand by that, but it's worth presenting the math to support that conclusion, because I think the surveys are valuable tools when you understand what you can and cannot demonstrate with a small sample. (Basically, a small sample can present only weak evidence as to what the population average is, but you can confidently demonstrate what it is not.) Keep reading to see what Bennett has to say.
Crime

Ask Slashdot: Dealing With VoIP Fraud/Phishing Scams? 159

Posted by timothy
from the our-menu-options-have-recently-changed dept.
An anonymous reader writes I run the IT department for a medium-sized online retailer, and we own a set of marketing toll-free numbers that route to our VoIP system for sales. Yesterday we began receiving dozens and now hundreds of calls from non-customers claiming that we're calling out from our system and offering them $1 million in prizes and asking for their checking account details (a classic phishing scheme). After verifying that our own system wasn't compromised, we realized that someone was spoofing the Caller ID of our company on a local phone number, and then they were forwarding call-backs to their number to one of our 1-800 numbers. We contacted the registered provider of the scammer's phone number, Level3, but they haven't been able to resolve the issue yet and have left the number active (apparently one of their sub-carriers owns it). At this point, the malicious party is auto-dialing half of the phone book in the DC metro area and it's causing harm to our business reputation. Disabling our inbound 800 number isn't really possible due to the legitimate marketing traffic. Do you have any suggestions?
Network

Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server? 405

Posted by timothy
from the why-not-hand-deliver-those-messages? dept.
New submitter hawkbug writes For the past 15 years, I have hosted my own email server at home and it's been pretty painless. I had always used a local Denver ISP on a single static IP. Approximately two years ago, I switched to a faster connection, which now is hosted on Comcast. They provide me 5 static IPs and much faster speeds. It's a business connection with no ports blocked, etc. It has been mostly fine these last two years, with the occasional outage due to typical Comcast issues. About two weeks ago, I came across a serious issue. The following email services started rejecting all email from my server: Hotmail, Yahoo, and Gmail. I checked, and my IP is not on any real time blacklists for spammers, and I don't have any security issues. My mail server is not set as an open relay, and I use SPF records and pass all SPF tests. It appears that all three of those major email services started rejecting email from me based on a single condition: Comcast. I can understand the desire to limit spam — but here is the big problem: I have no way to combat this. With Gmail, I can instruct users to flag my emails as "not spam" because the emails actually go through, but simply end up in the spam folder. Yahoo and Hotmail on the other hand, just flat out reject the traffic at lower level. They send rejection notices back to my server that contain "tips" on how to make sure I'm not an open relay, causing spam, etc. Since I am not doing any of those things, I would expect some sort of option to have my IP whitelisted or verified. However, I can not find a single option to do so. The part that bugs me is that this happened two weeks ago with multiple major email services. Obviously, they are getting anti-spam policies from a central location of some kind. I don't know where. If I did, I could possibly go after the source and try to get my IP whitelisted. When I ask my other tech friends what they would do, they simply suggest changing ISPs. 
Nobody likes Comcast, but I don't have a choice here. I'm two years into a three-year contract. So, moving is not an option. Is there anything I can do to remedy this situation?
Youtube

How YouTube Music Key Will Redefine What We Consider Music 105

Posted by samzenpus
from the no-more-ads dept.
First time accepted submitter Biswa writes YouTube launched its ad-free subscription music service called MusicKey today. From the TechCrunch article: "YouTube finally unveiled its subscription music service today, and in some ways it’s very much like existing streaming music services, especially since it comes bundled with Google Play Music All Access. But YouTube Music Key is also very much not like other streaming music services, because of the ways in which music is (or rather isn’t) defined on YouTube. One of the first questions I had about Google Music Key was how the company would define what kind of content from YouTube gets included: Would a home-shot cover of a Black Keys song with 253 views be as ad-free as the official music video for the original? Or was this a private club, designed for the traditionally defined music industry? Turns out, the nature of what Music Key encompasses is somewhat of a moving target, and the limited beta access that will initially gate entry to the service is in part due to that variability."
Encryption

ISPs Removing Their Customers' Email Encryption 245

Posted by Soulskill
from the aggressively-anticonsumer dept.
Presto Vivace points out this troubling new report from the Electronic Frontier Foundation: Recently, Verizon was caught tampering with its customer's web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the U.S. and Thailand intercepting their customers' data to strip a security flag — called STARTTLS — from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall, do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
Communications

Ask Slashdot: How Useful Are DMARC and DKIM? 139

Posted by timothy
from the survey-says dept.
whoever57 writes How widely are DKIM and DMARC being implemented? Some time ago, Yahoo implemented strict checks on DKIM before accepting email, breaking many mailing lists. However, SpamAssassin actually assigns a positive score (more likely to be spam) to DKIM-signed emails, unless the signer domain matches the from domain. Some email marketing companies don't provide a way for emails to be signed with the sender's domain — instead, using their own domain to sign emails. DMARC doesn't seem to have a delegation mechanism, by which a domain owner could delegate other domains as acceptable signatures for their emails. All of these issues suggest that the value of DKIM and DMARC is quite low, both as a mechanism to identify valid emails and as a mechanism to identify spam. In fact, spam is often DKIM-signed. Are Slashdot users who manage email delivery actually using DKIM and DMARC?
Businesses

Can Ello Legally Promise To Remain Ad-Free? 153

Posted by timothy
from the anyone-can-promise-anything dept.
Bennett Haselton writes: Social networking company Ello has converted itself to a Public Benefit Corporation, bound by a charter saying that they will not now, nor in the future, make money by running advertisements or selling user data. Ello had followed these policies from the outset, but skeptics worried that venture capitalist investors might pressure Ello to change those policies, so this binding commitment was meant to assuage those fears. But is the commitment really legally binding and enforceable down the road? Read on for the rest.
The Internet

The Inevitable Death of the Internet Troll 571

Posted by samzenpus
from the sticks-and-stones dept.
HughPickens.com writes James Swearingen writes at The Atlantic that the Internet can be a mean, hateful, and frightening place — especially for young women but human behavior and the limits placed on it by both law and society can change. In a Pew Research Center survey of 2,849 Internet users, one out of every four women between 18 years old and 24 years old reports having been stalked or sexually harassed online. "Like banner ads and spam bots, online harassment is still routinely treated as part of the landscape of being online," writes Swearingen adding that "we are in the early days of online harassment being taken as a serious problem, and not simply a quirk of online life." Law professor Danielle Citron draws a parallel between how sexual harassment was treated in the workplace decades ago and our current standard. "Think about in the 1960s and 1970s, what we said to women in the workplace," says Citron. "'This is just flirting.' That a sexually hostile environment was just a perk for men to enjoy, it's just what the environment is like. If you don't like it, leave and get a new job." It took years of activism, court cases, and Title VII protection to change that. "Here we are today, and sexual harassment in the workplace is not normal," said Citron. "Our norms and how we understand it are different now."

According to Swearingen, the likely solution to internet trolls will be a combination of things. The expansion of laws like the one currently on the books in California, which expands what constitutes online harassment, could help put the pressure on harassers. The upcoming Supreme Court case, Elonis v. The United States, looks to test the limits of free speech versus threatening comments on Facebook. "Can a combination of legal action, market pressure, and societal taboo work together to curb harassment?" asks Swearingen. "Too many people do too much online for things to stay the way they are."
Google

Ask Slashdot: Why Can't Google Block Spam In Gmail? 265

Posted by timothy
from the spy-vs-jerkface dept.
An anonymous reader writes Every day my gmail account receives 30-50 spam emails. Some of it is UCE, partially due to a couple dingbats with similar names who apparently think my gmail account belongs to them. The remainder looks to be spambot or Nigerian 419 email. I also run my own MX for my own domain, where I also receive a lot of spam. But with a combination of a couple DNSBL in my sendmail config, SpamAssassin, and procmail, almost none of it gets through to my inbox. In both cases there are rare false positives where a legit email ends up in my spam folder, or in the case of my MX, a spam email gets through to my Inbox, but these are rare occurrences. I'd think with all the Oompa Loompas at the Chocolate Factory that they could do a better job rejecting the obvious spam emails. If they did it would make checking for the occasional false positives in my spam folder a teeny bit easier. For anyone who's responsible for shunting Web-scale spam toward the fate it deserves, what factors go into the decision tree that might lead to so much spam getting through?
Windows

Microsoft Announces Windows 10 644

Posted by Soulskill
from the because-7-8-9 dept.
Today at a press conference in San Francisco, Microsoft announced the new version of their flagship operating system, called Windows 10. (Yes, t-e-n. I don't know.) With the new version of the operating system, they'll be unifying the application platform for all devices: desktops, laptops, consoles, tablets, and phones. As early leaks showed, the Start Menu is back — it's a hybrid of old and new, combining a list of applications with a small group of resizable tiles that can include widgets. Metro-style apps can now each operate inside their own window (video). There's a new, multiple-desktop feature, which power users have been demanding for years, and also a feature that lets users easily grab objects from one desktop and transfer it to another. The command line is even getting some love. The Technical Preview builds for desktops and laptops will be available tomorrow through the Windows Insider Program. They're requesting feedback from customers. Windows 10 will launch in late 2015.
Facebook

NY Magistrate: Legal Papers Can Be Served Via Facebook 185

Posted by timothy
from the never-friend-a-process-server dept.
New submitter Wylde Stile writes with an interesting case that shows just how pervasive social networking connections have become, including in the eyes of the law. A Staten Island, NY family court support magistrate allowed a Noel Biscoch to serve his ex-wife legal papers via Facebook. Biscoch tried to serve his ex-wife Anna Maria Antigua the old-fashioned way — in person and via postal mail — but his ex-wife had moved with no forwarding address. Antigua maintains an active Facebook account, though, and had even liked some photos on the Biscoch's present wife's Facebook page days before the ruling. The magistrate concluded that the ex-wife could be served through Facebook. If this catches on, I bet a lot of people will end up with legally binding notices caught by spam filters or in their Facebook accounts' "Other" folders.
Programming

Is It Time To Split Linux Distros In Two? 282

Posted by samzenpus
from the programming-of-solomon dept.
snydeq writes Desktop workloads and server workloads have different needs, and it's high time Linux consider a split to more adequately address them, writes Deep End's Paul Venezia. You can take a Linux installation of nearly any distribution and turn it into a server, then back into a workstation by installing and uninstalling various packages. The OS core remains the same, and the stability and performance will be roughly the same, assuming you tune the system along the way. Those two workloads are very different, however, and as computing power continues to increase, the workloads are diverging even more. Maybe it's time Linux is split in two. I suggested this possibility last week when discussing systemd (or that FreeBSD could see higher server adoption), but it's more than systemd coming into play here. It's from the bootloader all the way up. The more we see Linux distributions trying to offer chimera-like operating systems that can be a server or a desktop at a whim, the more we tend to see the dilution of both. You can run stock Debian Jessie on your laptop or on a 64-way server. Does it not make sense to concentrate all efforts on one or the other?
Crime

The Five Nigerian Gangs Behind Most Craigslist Buyer Scams 160

Posted by samzenpus
from the who's-to-blame dept.
itwbennett writes Five Nigerian criminal gangs are behind most scams targeting sellers on Craigslist, and they've taken new measures to make their swindles appear legitimate, according to a study by George Mason University researchers Damon McCoy and Jackie Jones. In a new innovation, they're using professional check-writing equipment plus U.S.-based accomplices to not raise suspicions among their victims. McCoy and Jones will present their paper on Sept. 24 at the IEEE eCrime Research Summit in Birmingham, Alabama.
The Courts

Feds Say NSA "Bogeyman" Did Not Find Silk Road's Servers 142

Posted by samzenpus
from the try-and-try-again dept.
An anonymous reader writes The secret of how the FBI pinpointed the servers allegedly used by the notorious Silk Road black market website has been revealed: repeated login attempts. In a legal rebuttal, the FBI claims that repeatedly attempting to login to the marketplace revealed its host location. From the article: "As they typed 'miscellaneous' strings of characters into the login page's entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn't match any known Tor 'nodes,' the computers that bounce information through Tor's anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road's CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site. 'This indicated that the Subject IP Address was the IP address of the SR Server,' writes Tarbell in his letter, 'and that it was "leaking" from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.'"
Operating Systems

You Got Your Windows In My Linux 613

Posted by Soulskill
from the entirely-uncontroversial-opinions dept.
snydeq writes: Ultimately, the schism over systemd could lead to a separation of desktop and server distros, or Linux server admins moving to FreeBSD, writes Deep End's Paul Venezia. "Although there are those who think the systemd debate has been decided in favor of systemd, the exceedingly loud protests on message boards, forums, and the posts I wrote over the past two weeks would indicate otherwise. I've seen many declarations of victory for systemd, now that Red Hat has forced it into the enterprise with the release of RHEL 7. I don't think it's that easy. ... Go ahead, kids, spackle over all of that unsightly runlevel stuff. Paint over init and cron, pam and login. Put all of that into PID1 along with dbus. Make it all pretty and whisper sweet nothings about how it's all taken care of and you won't have to read a manual or learn any silly command-line stuff. Tune your distribution for desktop workloads. Go reinvent Windows."
Spam

TechCentral Scams Call Center Scammers 251

Posted by timothy
from the my-personal-record-is-about-20-minutes dept.
An anonymous reader writes "At TechCentral, we get on average called at least once a week — sometimes far more often — by a friendly sounding Indian national warning us that our Windows computer is infected with a virus. The call, which originates from a call centre, follows exactly the same script every time. Usually we shrug them off and put the phone down, but this week we thought we'd humour them to find out how they operate. As this week's call came in, the first thing the "operator" at the other end of the line tried to establish was who was owner of the Windows computer in the household. I'd taken the call. It was time to have some fun. I told the scammer that I was the PC owner. He proceeded to introduce himself as "John Connor." I laughed quietly as I imagined Arnold Schwarzenegger's Terminator hunting down this scamster in the streets of Calcutta. Perhaps he should have come up with a more convincing name."
Linux

Choose Your Side On the Linux Divide 826

Posted by samzenpus
from the picking-a-team dept.
snydeq writes The battle over systemd exposes a fundamental gap between the old Unix guard and a new guard of Linux developers and admins, writes Deep End's Paul Venezia. "Last week I posted about the schism brewing over systemd and the curiously fast adoption of this massive change to many Linux distributions. If there's one thing that systemd does extremely well, it is to spark heated discussions that devolve into wild, teeth-gnashing rants from both sides. Clearly, systemd is a polarizing subject. If nothing else, that very fact should give one pause. Fundamental changes in the structure of most Linux distributions should not be met with such fervent opposition. It indicates that no matter how reasonable a change may seem, if enough established and learned folks disagree with the change, then perhaps it bears further inspection before going to production. Clearly, that hasn't happened with systemd."
