Communications

VA Tech Student Arrested For Posting Perceived Threat Via Yik Yak

Posted by timothy
from the how-to-win-friends-and-influence-people dept.
ememisya writes: I wonder if I posted, "There will be another 12/7 tomorrow, just a warning." around December, would people associate it with Pearl Harbor and I would find myself arrested, or has enough time passed for people to not look at the numbers 12 and 7 and take a knee jerk reaction? A student was arrested for "Harassment by Computer" (a class 1 misdemeanor in the state of Virginia) due to his post on an "anonymous" website [Yik Yak]. Although the post in and of itself doesn't mean anything to most people in the nation, it managed to scare enough people locally for law enforcement agencies to issue a warrant for his arrest. "Moon, a 21-year-old senior majoring in business information technology, is being charged with Harassment by Computer, which is a class one misdemeanor. Tuesday night, April 28, a threat to the Virginia Tech community was posted on the anonymous social media app Yik Yak. Around 11:15 p.m., an unknown user posted 'Another 4.16 moment is going to happen tomorrow. Just a warning (sic).' The Virginia Tech Police Department released a crime alert statement Wednesday morning via email informing students that VTPD was conducting an investigation throughout the night in conjunction with the Blacksburg Police Department."
Security

CareerBuilder Cyberattack Delivers Malware Straight To Employers

Posted by timothy
from the where-it-hurts dept.
An anonymous reader writes: Security threat researchers Proofpoint have uncovered an email-based phishing attack which infected businesses with malware via the CareerBuilder online job search website. The attack involved the hacker browsing job adverts across the platform and uploading malicious files during the application process, titling the documents "resume.doc" and "cv.doc." Once the CV was submitted, an automatic email notification was sent to the business advertising the position, along with the uploaded document. In this case, Proofpoint found that as a business opens the automatic email from CareerBuilder to view the attached file, the document plays on a known Word vulnerability to sneak malicious code onto the victim's computer. According to the threat research group, the manual attack technique, although time-consuming, has a higher success rate than automated tools, as the email attachments are more likely to be opened by the receiver.
Security

Researcher Bypasses Google Password Alert For Second Time

Posted by timothy
from the if-you-watch-everything-you-lose-perspective dept.
Trailrunner7 writes with this excerpt: A security researcher has developed a method–actually two methods–for defeating the new Chrome Password Alert extension that Google released earlier this week.

The Password Alert extension is designed to warn users when they're about to enter their Google passwords into a fraudulent site. The extension is meant as a defense against phishing attacks, which remain a serious threat to consumers despite more than a decade of research and warnings about the way the attacks work.

Just a day after Google released the extension, Paul Moore, a security consultant in the U.K., developed a method for bypassing the extension. The technique involved using JavaScript to look on a given page for the warning screen that Password Alert shows users. The method Moore developed then simply blocks the screen, according to a report on Ars Technica. In an email, Moore said it took him about two minutes to develop that bypass, which Google fixed in short order.

However, Moore then began looking more closely at the code for the extension, and Chrome itself, and discovered another way to get around the extension. He said this one likely will be more difficult to repair.

"The second exploit will prove quite difficult (if not near impossible) to resolve, as it leverages a race condition in Chrome which I doubt any single extension can remedy. The extension works by detecting each key press and comparing it against a stored, hashed version. When you've entered the correct password, Password Alert throws a warning advising the user to change their password," Moore said.
Security

Unnoticed For Years, Malware Turned Linux Servers Into Spamming Machines

Posted by timothy
from the just-where-you-least-expect-it dept.
An anonymous reader writes: For over 5 years, and perhaps even longer, servers around the world running Linux and FreeBSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found. What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email in bulk. Here's the white paper in which the researchers explain the exploit.
Education

University Overrules Professor Who Failed Entire Management Class

Posted by timothy
from the aggies-being-aggies dept.
McGruber writes: After a semester of disrespect, backstabbing, lying, and cheating, Texas A&M Galveston Professor Irwin Horwitz had all he could take. He "sent a lengthy email to his Strategic Management class explaining that they would all be failing the course. He said the students proved to be incompetent and lack the maturity level to enter the workforce." Professor Horwitz's email cited examples of students cheating, telling him to "chill out," and inappropriate conduct. He said students spread untrue rumors about him online, and he said at one point he even felt the need to have police protection in class. "I was dealing with cheating, dealing with individuals swearing at me both in and out of class, it got to the point that the school had to put security guards at that class and another class," said Horwitz.

However, Vice President of Academic Affairs Dr. Patrick Louchouarn made it very clear that the failing grades won't stick. The department head will take over the class until the end of the semester, according to school officials.
Government

Indian Telecom Authority Releases a Million Email IDs, Taken Down By Hackers

Posted by samzenpus
from the naming-names dept.
knwny writes: In a bizarre move that threatens the privacy of over a million internet users in India, the Telecom Regulatory Authority of India (TRAI) has released the list of email IDs from which it received responses regarding net neutrality. Most of these responses were sent by the general public following a massively popular online campaign to protect Internet neutrality in India. The regulatory body says that it has received a large number of comments from the stakeholders on its Consultation paper on "Regulatory Framework for OTT services". So to aid the reading of comments, it has divided them into three blocks — "comments from the service providers," "comments from the service providers' association" and "comments from other stakeholders" (this includes individuals, organizations, consulting firms etc). In the meantime, the TRAI website remains inaccessible after a DDoS attack by Anonymous India, the hacker collective, apparently in retaliation for the data release.
United States

Officials Say Russian Hackers Read Obama's Unclassified Emails

Posted by samzenpus
from the lets-have-a-look dept.
An anonymous reader points out that Russian hackers reportedly obtained some of President Obama’s emails when the White House’s unclassified computer system was hacked last year. Some of President Obama's email correspondence was swept up by Russian hackers last year in a breach of the White House's unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation. The hackers, who also got deeply into the State Department's unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama's BlackBerry, which he or an aide carries constantly. But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr. Obama regularly communicated. From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation.
Censorship

Irish Legislator Proposes Law That Would Make Annoying People Online a Crime

Posted by Soulskill
from the turn-yourselves-in-at-the-local-pub dept.
An anonymous reader sends this report from TechDirt: Is Ireland looking to pass a law that would "outlaw ebooks and jail people for annoying others?" Well, no, not really, but that's the sort of unintended consequences that follow when laws are updated for the 21st century using little more than a word swap. Ireland has had long-standing laws against harassment via snail mail, telephones and (as of 2007) SMS messages. A 2014 report by the government's somewhat troublingly-named "Internet Content Governance Advisory Group" recommended updating this section of the law to cover email, social media and other internet-related transmissions. ... The broad language -- if read literally -- could make emailing an ebook to someone a criminal offense. Works of fiction are, by definition, false. ... It's the vestigial language from previous iterations of the law -- words meant to target scam artists and aggressive telemarketers -- that is problematic. Simply appending the words "electronic communications" to an old law doesn't address the perceived problem (cyberbullying is cited in the governance group's report). It just creates new problems.
Apple

Apple Offers Expedited Apple Watch Order Lottery To Developers

Posted by samzenpus
from the your-number's-up dept.
An anonymous reader writes: Apple is sending out invites to random registered developers, giving them the chance to buy an Apple Watch with guaranteed delivery by the end of the month. "Special Opportunity for an Expedited Apple Watch Order," the invite email states. "We want to help give Apple developers the opportunity to test their WatchKit apps on Apple Watch as soon as it is available. You have the chance to purchase one (1) Apple Watch Sport with 42mm Silver Aluminum Case and Blue Sport Band that's guaranteed to ship by April 28, 2015."
Crime

Can Online Reporting System Help Prevent Sexual Assaults On Campus?

Posted by timothy
from the vote-early-and-often dept.
jyosim writes: Studies have shown that as many as 90 percent of campus rapes are committed by repeat offenders. A new system is designed to help identify serial assaulters, by letting students anonymously report incidents in order to look for patterns. But some argue that having the ability to report someone with just the click of a button may not be a good thing. Andrew T. Miltenberg, a New York lawyer who represents young men accused of sexual misconduct, says though the system seems well intended, he is concerned about dangers it may pose to students who are accused. 'We're all guilty of pressing send on an angry text or email that, had we had to put it into an actual letter and proofread, we probably wouldn't have sent,' he says.
Mars

Briny Water May Pool In Mars' Equatorial Soil

Posted by samzenpus
from the wet-around-the-middle dept.
astroengine writes: Mars may be a frigid desert, but perchlorate salts in the planet's soil are lowering the freezing temperature of water, setting up conditions for liquid brines to form at equatorial regions, new research from NASA's Curiosity rover shows. The discovery of subsurface water, even a trickle, around the planet's warmer equatorial belt defies current climate models, though spacecraft orbiting Mars have found geologic evidence for transient liquid water, a phenomenon termed "recurring slope lineae." The findings, published in this week's Nature Geoscience, are based on nearly two years' worth of atmospheric humidity and temperature measurements collected by the roving science laboratory Curiosity, which is exploring an ancient impact basin called Gale Crater near the planet's equator. The brines, computer models show, form nightly in the upper 2 inches of the planet's soil as perchlorates absorb atmospheric water vapor. As temperatures rise in the morning, the liquid evaporates. The levels of liquid, however, are too low to support terrestrial-type organisms, the researchers conclude. "It is not just a problem of water, but also temperature. The water activity and temperatures are so low in Mars that they are beyond the limits of cell reproduction and metabolism," Javier Martin-Torres, with Lulea University of Technology, in Kiruna, Sweden, wrote in an email to Discovery News.
Japan

Transforming Robot Gets Stuck In Fukushima Nuclear Reactor

Posted by samzenpus
from the bend-me-shape-me dept.
An anonymous reader writes with more bad news for the people still dealing with the Fukushima nuclear accident. "The ability to change shape hasn't saved a robot probe from getting stuck inside a crippled Japanese nuclear reactor. Tokyo Electric Power will likely leave the probe inside the reactor housing at the Fukushima Dai-ichi complex north of Tokyo after it stopped moving. On Friday, the utility sent a robot for the first time into the primary containment vessel (PCV) of reactor No. 1 at the plant, which was heavily damaged by the 2011 earthquake and tsunami in northern Japan. 'The robot got stuck at a point two-thirds of its way inside the PCV and we are investigating the cause,' a Tokyo Electric spokesman said via email. The machine became stuck on Friday after traveling to 14 of 18 planned checkpoints."
Businesses

Amazon Sues To Block Fake Reviews

Posted by samzenpus
from the 4-out-of-5-stars-would-review-again dept.
An anonymous reader writes: Amazon has filed suit against operators of sites that offer Amazon sellers the ability to purchase fake 4 and 5 star customer reviews. The suit is the first of its kind and was filed in King County Superior Court against a California man, Jay Gentile, identified in Amazon's filings as the operator of buyazonreviews.com. The site also targets unidentified "John Does" who operate similar sites: buyreviewsnow.com, bayreviews.net, and buyamazonreviews.com. From the article: "The site buyazonreviews.com, which the suit claims is run by Gentile, didn't respond to a request for comment. But Mark Collins, the owner of buyamazonreviews.com, denied Amazon's claims. In an email interview, Collins said the site simply offers to help Amazon's third-party sellers get reviews. 'We are not selling fake reviews. however we do provide Unbiased and Honest reviews on all the products,' Collins wrote. 'And this is not illegal at all.'"
Youtube

Google To Offer Ad-Free YouTube - At a Price

Posted by samzenpus
from the pay-up dept.
First time accepted submitter totalcaos writes: YouTube announced today its plans for an ad-free, subscription-based service by way of an email sent out to YouTube Partners. The email details the forthcoming option, which will offer consumers the choice to pay for an "ads-free" version of YouTube for a monthly fee. The additional monetization option requires partners to agree to updated terms on YouTube's Creator Studio Dashboard, which notes that the changes will go into effect on June 15, 2015. We talked about the possibility of an ad-free model back in October.
Security

Angry Boss Phishing Emails Prompt Fraudulent Wire Transfers

Posted by Soulskill
from the fear-trumps-common-sense dept.
chicksdaddy writes: Lots of studies have shown that assertiveness works in the professional sphere as well as the personal one. It turns out to work pretty well in the cyber criminal sphere, also. Websense Labs has posted a blog warning of a new round of spear phishing attacks that rely on e-mail messages posing as urgent communications from senior officers to lower level employees. The messages demand that the employees wire funds to a destination account provided in the message.

According to Websense, these attacks are low tech. The fraudsters register "typo squatting" domains that look like the target company's domain, but are subtly different. They then set up e-mails at the typo squatted domain designed to mirror legitimate executive email accounts. Like many phishing scams, these attacks rely on the similarities of the domains and often extensive knowledge of key players within the company, creating e-mails that are highly convincing to recipients.

The key element of their attack is – simply – "obeisance," Websense notes. "When the CEO or CFO tells you to do something, you do it." The messages were brief and urgent, included (phony) threads involving other company executives and demanded updates on the progress of the transfer, making the request seem more authentic. Rather than ask the executive for clarification (or scrutinize the FROM line), the employees found it easier to just wire the money to the specified account, Websense reports.

Websense notes the similarities between the technique used in the latest phishing attack and the one used against the grain trading firm Scoular in June 2014. That company was tricked into wiring some $17 million to a bank in China, with employees believing they were acting on the wishes of executives who had communicated through e-mail.
Australia

Oops: World Leaders' Personal Data Mistakenly Released By Autofill Error

Posted by samzenpus
from the sounds-like-a-case-of-the-mondays dept.
mpicpp writes in with this story about a mistake that saw personal details of world leaders accidentally disclosed by the Australian immigration department. "With a single key stroke, the personal information of President Obama and 30 other world leaders was mistakenly released by an official with Australia's immigration office. Passport numbers, dates of birth, and other personal information of the heads of state attending a G-20 summit in Brisbane, Australia, were inadvertently emailed to one of the organizers of January's Asian Cup football tournament, according to The Guardian. The U.K. newspaper obtained the information as a result of an Australia Freedom of Information request. Aside from President Obama, leaders whose data were released include Russian President Vladimir Putin, German Chancellor Angela Merkel, Chinese President Xi Jinping and British Prime Minister David Cameron. The sender forgot to check the auto-fill function in the email 'To' field in Microsoft Outlook before hitting send, the BBC reports."
Government

Sign Up At irs.gov Before Crooks Do It For You

Posted by samzenpus
from the real-you dept.
tsu doh nimh writes: If you're an American and haven't yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Brian Krebs shows how easy it is for scammers to register an account in your name and view your current and past W2s and tax filings with the IRS, and tells the story of a New York man who — after receiving notice from the agency that someone had filed a phony return in his name — tried to get a copy of his transcript and found someone had already registered his SSN to an email address that wasn't his. Apparently, having a credit freeze prevents thieves from doing this, because the IRS relies on easily-guessed knowledge-based authentication questions from Equifax.
Security

Startups Increasingly Targeted With Hacks

Posted by Soulskill
from the waiting-for-the-easy-marks-to-ripen dept.
ubrgeek writes: Slack, makers of the popular communications software, announced yesterday that they'd suffered a server breach. This follows shortly after a similar compromise of Twitch.tv, and is indicative of a growing problem facing start-up tech companies. As the NY Times reports, "Breaches are becoming a kind of rite of passage for fledgling tech companies. If they gain enough momentum with users, chances are they will also become a target for hackers looking to steal, and monetize, the vast personal information they store on users, like email addresses and passwords."
United Kingdom

Prison Inmate Emails His Own Release Instructions To the Prison

Posted by Soulskill
from the just-crazy-enough-to-work dept.
Bruce66423 writes: A fraudster used a mobile phone while inside a UK prison to email the prison a notice for him to be released. The prison staff then released him. The domain was registered in the name of the police officer investigating him, and its address was the court building. The inmate was in prison for fraud — he was originally convicted after calling several banks and getting them to send him upwards of £1.8 million.
Blackberry

Iowa's Governor Terry Branstad Thinks He Doesn't Use E-mail

Posted by timothy
from the bizarro-er-and-bizarro-er dept.
Earthquake Retrofit writes: The Washington Post reports the governor of Iowa denying he uses e-mail, but court documents expose his confusion. From the article: "Branstad's apparent confusion over smartphones, apps and e-mail is ironic because he has tried to portray himself as technologically savvy. His Instagram account has pictures of him taking selfies and using Skype... 2010 campaign ads show him tapping away on an iPad. 'Want a brighter future? We've got an app for that.' Earlier this month, the governor's office announced that it had even opened an account on Meerkat, the live video streaming app." Perhaps he's distancing himself from e-mail because it's a Hillary thing.