An anonymous reader sends in a story about a network engineer named Bryan Seely, who was tired of seeing fake listings and spam on Google Maps. He contacted the company and tried to convince them to fix their system, but didn't have much luck. Afterward, he thought of an effective demonstration. He put up fake listings for the FBI and the Secret Service with phone numbers that sent the calls to him. When people called, he forwarded them to the actual agencies while he listened in. After recording a couple of calls for proof, he went to a local Secret Service office to explain the problem: "After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a 'hero' for bringing this major security flaw to light. They let him go after a few hours. Seely says the fake federal listings, which were both ranked second every time I checked Google Maps, were up for four days. He took them down himself when the Secret Service asked."
itwbennett writes "Starting this week, a new, clearly marked 'unsubscribe' link will appear at the top of the header field in marketers' emails. Previously only appearing for a small percentage of users, the feature will now be made available for most promotional messages with unsubscribe options, Google said on Thursday. Email recipients do not need to take action for the links to appear."
Paul server guy writes "I am building a limousine bus, and the owners want to prevent occupants from using cameras on board. (But they would like the cameras mounted on the bus to continue to operate; I think they would consider this optional.) They would also like to do it without having to wear any 'anti-paparazzi' clothing (because they also want to protect the other guests on board), and without destroying the cameras. (So no EMP generators, please). We've done some testing with high-power IR, but that proved ineffective. Does anyone have any ideas that they are willing to share?"
mspohr writes "The New York Times has an interesting article about Brian Krebs (Krebs on Security): 'In the last year, Eastern European cybercriminals have stolen Brian Krebs's identity a half dozen times, brought down his website, included his name and some unpleasant epithets in their malware code, sent fecal matter and heroin to his doorstep, and called a SWAT team to his home just as his mother was arriving for dinner.' His reporting is definitely on the edge. 'Mr. Krebs, 41, tries to write pieces that cannot be found elsewhere. His widely read cybersecurity blog, Krebs on Security, covers a particularly dark corner of the Internet: profit-seeking cybercriminals, many based in Eastern Europe, who make billions off pharmaceutical sales, malware, spam, frauds and heists like the recent ones that Mr. Krebs was first to uncover at Adobe, Target and Neiman Marcus.' The article concludes with this: 'Mr. Joffe worries Mr. Krebs's enemies could do far worse. "I don't understand why he hasn't moved to a new, undisclosed address," he said. "But Brian needs a bodyguard."' (He does have a shotgun.)"
Nerval's Lobster writes "In a video report posted Feb. 4, NBC News reporter Richard Engel, with the help of a security analyst, two fresh laptops, a new cell phone, and a fake identity, pretended to go online with the technical naiveté of a Neanderthal housepet. (Engel's video blog is here.) Almost as soon as he turned on the phone in the Sochi airport, Engel reported hackers snooping around, testing the security of the machines. Engel's story didn't explain whether 'snooping around' meant someone was port-scanning his device in particular with the intention of cracking its security and prying out its secrets, no matter how much effort it took, or if the 'snooping' was other WiFi devices looking for access points and trying automatically to connect with those that were unprotected. Judging from the rest of his story, it was more likely the latter. Engel also reported hackers snooping around a honeypot set up by his security consultant which, as Gartner analyst Paul Proctor also pointed out in a blog posting, is like leaving the honey open and complaining when it attracts flies. When you try to communicate with anything, it also tries to communicate with you; that's how networked computers work: They communicate with each other. None of the 'hacks' or intrusions Engel created or sought out for himself have anything to do with Russia or Sochi, however; those 'hacks' he experienced could have happened in any Starbucks in the country, and does almost every day, Proctor wrote. That's why there is antivirus software for phones and laptops. It's why every expert, document, video, audio clip or even game that has anything at all to do with cybersecurity makes sure to mention you should never open attachments from spam email, or in email from people you don't know, and you should set up your browser to keep random web sites from downloading and installing anything they want on your computer. But keep up the fear-mongering."
puddingebola writes "The 'Internet of Things' is as susceptible to malware and spam as the rest of the net. From the article, 'A fridge has been discovered sending out spam after a web attack managed to compromise smart gadgets...The spam attack took place between 23 December 2013 and 6 January this year, said Proofpoint in a statement. In total, it said, about 750,000 messages were sent as part of the junk mail campaign. The emails were routed through the compromised gadgets. About 25% of the messages seen by Proofpoint researchers did not pass through laptops, desktops or smartphones, it said.' Read Proofpoint's statement here."
Bennett Haselton writes "Google created controversy by announcing that Google+ users will now be able to send email to Gmail users even without having those Gmail users' email addresses. I think this debate misses the point, because it's unlikely to create a deluge of unsolicited email to Gmail users, as long as Google can throttle outgoing messages from Google+ users and terminate abusive accounts. The real controversy should be over the fact that Google+ users can search a public database of the names of all Gmail users in the first place. And limiting the ability of Google+ users to write to those Gmail accounts, won't do anything to address that." Read below to see what Bennett has to say.
theodp writes "After being punished by Google for manipulative SEO tactics, a contrite Rap Genius says it's back in Google's good graces. 'It takes a few days for things to return to normal, but we're officially back!' reads a post by the Rap Genius founders. 'First of all, we owe a big thanks to Google for being fair and transparent and allowing us back onto their results pages. We overstepped, and we deserved to get smacked.' Rap Genius credits some clever trackback scraping programming for its quick redemption, but a skeptic might suggest it probably didn't hurt that Rap Genius' biggest investor, Andreessen Horowitz, is tight with Google."
An anonymous reader writes with this news from California: "According to the article, 'Officials at the Federal Bureau of Prisons say an inmate escaped from a minimum security area of the federal prison in Lompoc. Prison officials say Jeffrey Kilbride, 48, was discovered missing at around 1:30 p.m. on Friday....A search is reportedly underway. Prison officials say Kilbride was serving a 78-month sentence for conspiracy and fraud. He was due to be released on December 11, 2015.'" Here's why Kilbride was in prison.
Tackhead writes "People of a certain age — the age before email filters were effective, may remember a few mid-90s buzzwords like 'bulletproof hosting' and 'double opt-in.' People may remember that Hormel itself conceded that although 'SPAM' referred to their potted meat product, the term 'spam' could refer to unsolicited commercial email. People may also remember AGIS, Cyberpromo, Sanford 'Spam King' Wallace, and Walt Rines. Ten years after a 2003 retrospective on Rines and Wallace, Ars Technica reminds us that the more things change, the more they stay the same."
Barence writes "Anti-spam outfit Spamhaus has called on the UK government to fine those who are running Internet infrastructure that could be exploited by criminals. Those who leave open Domain Name Server resolvers vulnerable to attack should be fined, if they have previously received a warning, said chief information officer of Spamhaus, Richard Cox. When Spamhaus was hit by a massive distributed DDoS possibly the biggest ever recorded at more than 300Gbits/sec — open DNS resolvers were used to amplify the hit, which was aimed at one of the organization's upstream partners. 'Once they know it can be used for attacks and fraud, that should be an offense,' Cox said. 'You should be subject to something like a parking ticket... where the fine is greater than the cost of fixing it."
An anonymous reader writes "Researchers at Fraunhofer FKIE, Germany have presented a paper on covert acoustical communications between laptop computers. In their paper 'On Covert Acoustical Mesh Networks in Air', they describe how acoustical communication can be used to secretly bridge air gaps between computers and connect computers and networks that are thought to be completely isolated from each other. By using ad-hoc routing protocols, they are able to build up a complete mesh network of infected computers that leaks data over multiple hops. A multi-hop acoustical keylogger is also presented where keystrokes are forwarded to an attacker over multiple hops between different office rooms. The fundamental part of the communication system is a piece of software that has originally been developed for acoustic underwater communications. The researchers also provide different countermeasures against malicious participation in a covert acoustical network. The limitations of air gaps have been discussed recently in the context of a highly advanced malware, although reports on this so-called badBIOS malware could not yet be confirmed."
An anonymous reader writes "I'm currently being targeted by an overseas debt collection scam. My landline rings every 10-15 minutes all day every day. I considered getting a blacklisting device to block the incoming calls, but the call center spoofs a different number on my caller ID each time, and it's gotten to the point where I've just unplugged the phones. I'm already on the Do No Call Registry and have filed a complaint with the FTC. Aside from ditching my landline, changing my number, and/or blowing a whistle into the receiver anytime I actually pick up, are there any real solutions out there? Has anybody had luck with a blacklisting device?"
cold fjord writes "It looks like no more spam, spam, spam for Norway's warriors... at least on Mondays. The Daily Caller reports, 'Norway's military is taking drastic steps to ramp up its war against global warming. The Scandinavian country announced its soldiers would be put on a vegetarian diet once a week to reduce the military's carbon footprint. "Meatless Monday's" has already been introduced at one of Norway's main military bases and will soon be rolled out to others, including overseas bases. It is estimated that the new vegetarian diet will cut meat consumption by 150 tons per year. "It's a step to protect our climate," military spokesman Eystein Kvarving told AFP. "The idea is to serve food that's respectful of the environment." ... The United Nations says that livestock farming is responsible for 18 percent of global greenhouse gas emissions. Cutting meat consumption, environmentalists argue, would help stem global warming and improve the environment." — The Manchester Journal reports, "The meatless Monday campaign launched in 2003 as a global non-profit initiative in collaboration with Johns Hopkins University to promote personal and environmental health by reducing meat consumption.'"
Mark Gibbs writes "If you've ever tried to navigate using a smartphone while cycling you'll know full well that you took your life in your hands. By the time you've focused on the map and your brain has decoded what you're looking at you've traveled far enough to be sliding on gravel or go careening into the side of a car. What's needed is a way that you can get directions from your smartphone without having to lose your focus and possibly your life and Hammerhead Navigation have one of the most interesting answers I've seen."
jfruh writes "We've reached a point in our electronic lives where most of our gadgets draw power from a USB cable, and we have lots of USB ports to choose from — some of which live on other gadgets, some of which live on adapters that plug into your wall or car. But those ports supply wildly varying amounts of power, which can result in hours of difference in how long it takes your phone to charge. The Practical Meter, the product of a successful Kickstarter campaign, can help you figure out which power sources are going to juice up your gadgets the fastest."
recoiledsnake writes with news of Google tracking a bit more of your life. From the article: "Google is beta-testing a program that uses smartphone location data to determine when consumers visit stores, according to agency executives briefed on the program by Google employees. Google then connects these store visits to Google searches conducted on smartphones. If someone conducts a Google mobile search for 'screwdrivers,' for instance, a local hardware store could bid to have its store listing served to that user. By pairing that person's location data with its database of store listings, Google can see if the person who saw that ad subsequently visited the store.It is easiest for Google to conduct this passive location tracking on Android users, since Google has embedded location tracking into the software. Once Android users opt in to location services, Google starts collecting their location data as continuously as technologically possible."
starglider29a writes "Yesterday, a website I maintain that has a Twitter presence encountered an 'unsafe' warning when clicking on the tweets. 'This link has been flagged as potentially harmful.' After scanning the site and its database, then checking with Google and third-party site scanners, I found no evidence of harm. At noon, The Atlantic posted an article which describes the same issue with the Philadelphia City Paper. 'Perhaps most frustrating of all is that Twitter has not been particularly responsive to the paper's plight.' If the warnings are incorrect, how does Twitter justify this libel?"
An anonymous reader writes "Email service FastMail.fm has an blog post about an interesting bug they're dealing with related to the new Mail.app in Mac OS 10.9 Mavericks. After finding a user who had 71 messages in his Junk Mail folder that were somehow responsible for over a million entries in the index file, they decided to investigate. 'This morning I checked again, there were nearly a million messages again, so I enabled telemetry on the account ... [Mail.app] copying all the email from the Junk Folder back into the Junk Folder again!. This is legal IMAP, so our server proceeds to create a new copy of each message in the folder. It then expunges the old copies of the messages, but it's happening so often that the current UID on that folder is up to over 3 million. It was just over 2 million a few days ago when I first emailed the user to alert them to the situation, so it's grown by another million since. The only way I can think this escaped QA was that they used a server which (like gmail) automatically suppresses duplicates for all their testing, because this is a massively bad problem.' The actual emails added up to about 2MB of actual disk usage, but the bug generated an additional 2GB of data on top of that."
An anonymous reader writes "Google today released an update to its reCAPTCHA system that creates different classes of CAPTCHAs for different kinds of users. In short, it makes your life easier if you're a human, and your work much harder if you're a bot. Unsurprisingly, Google wouldn't share too much detail as to how the new system works, aside from saying it uses advanced risk analysis techniques, actively considering the user's entire engagement (before, during and after) with the CAPTCHA. In other words, the distorted letters are not the only test."