Security

ShapeShifter: Beatable, But We'll Hear More About It

Slashdot contributor Bennett Haselton writes: "A California company called Shape Security claims that their network box can disable malware attacks, by using polymorphism to rewrite webpages before they are sent to the user's browser. Most programmers will immediately spot several ways that the system can be defeated, but it may still slow attackers down or divert them towards other targets." Read on for the rest of Bennett's thoughts.
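The mechanism Shape describes, and the class of bypass the post says programmers will spot, as an added illustration that is neither Shape Security's code nor Bennett's: a server-side rewrite that replaces every form field name with a per-request random token and keeps the token-to-name map in server state, alongside two bots. The sample login form, the token format and both bots are constructed for this example; the second bot keys on input type, label text and field order, which the rewrite leaves untouched, and is one obvious way round name-only polymorphism.

```python
import re
import secrets

# Constructed sample page: a login form as the origin server would emit it.
ORIGINAL_HTML = """<form action="/login" method="post">
<label>Username <input name="username" type="text"></label>
<label>Password <input name="password" type="password"></label>
<input type="submit" value="Sign in">
</form>"""

NAME_RE = re.compile(r'name="([^"]+)"')
FIELD_RE = re.compile(r'<label>([^<]+)<input name="([^"]+)" type="([^"]+)">')


def rewrite_form(html):
    """Polymorphic rewrite: give every field a fresh random name.

    Returns (rewritten_html, mapping) where mapping translates the
    per-request tokens back to the original names. The mapping has to be
    stored server-side (per session/request) so the submission can be
    decoded; that state is the cost of the technique.
    """
    mapping = {}

    def sub(m):
        token = "f" + secrets.token_hex(8)
        mapping[token] = m.group(1)
        return f'name="{token}"'

    return NAME_RE.sub(sub, html), mapping


def unrewrite_submission(form_data, mapping):
    """Translate a submitted {token: value} dict back to the original names.

    Unknown tokens are dropped, which is how a form replayed from an earlier
    request (with stale tokens) would be rejected.
    """
    return {mapping[k]: v for k, v in form_data.items() if k in mapping}


def naive_bot(html, creds):
    """Bot hard-coded to the original field names.

    Against rewritten HTML it finds no field it recognises and submits
    nothing useful, which is the attack the rewrite is meant to stop.
    """
    names = NAME_RE.findall(html)
    return {n: creds[n] for n in names if n in creds}


def structural_bot(html, creds):
    """Bot that ignores names and keys off features the rewrite leaves alone:
    the input type and the visible label text. A per-request random name
    does nothing against this, which is why name-only polymorphism is beatable.
    """
    out = {}
    for m in FIELD_RE.finditer(html):
        label, name, typ = m.group(1).strip(), m.group(2), m.group(3)
        if typ == "password":
            out[name] = creds["password"]
        elif "user" in label.lower():
            out[name] = creds["username"]
    return out


if __name__ == "__main__":
    creds = {"username": "alice", "password": "hunter2"}
    html, mapping = rewrite_form(ORIGINAL_HTML)
    print(html)
    print("naive bot decoded:     ", unrewrite_submission(naive_bot(html, creds), mapping))
    print("structural bot decoded:", unrewrite_submission(structural_bot(html, creds), mapping))
```

Run it twice and the field names differ each time, yet the structural bot's submission decodes to the real credentials on every run; a rewriter would also have to randomise labels, ordering and DOM shape to make that bot's job hard, and each of those changes costs something in usability or rendering fidelity.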
Education

Building An Uncensorable Course Guide At Yale

Former Googler and Foursquare employee Sean Haufler is now a student at Yale studying CS and Economics, but he hasn't put away his real-world software skills for academia. When two other Yale students named Harry Yu and Peter Xu were threatened with the school's punishment committee for designing a site that extends and improves the presentation of data from the school-controlled course selection guide (the Yale Bluebook [available only at Yale]), Haufler decided to create a similar site which he hopes will force the school's hand to either allow or deny this kind of data-mashing presentation. He acknowledges that there are legitimate questions about copyright, but Haufler's site treads lightly in a way that Yu and Xu's did not: "Banned Bluebook never stores data on any servers. It never talks to any non-Yale servers. Moreover, since my software is smarter at caching data locally than the official Yale course website, I expect that students using this extension will consume less bandwidth over time than students without it. Don't believe me? You can read the source code. No data ever leaves Yale's control. Trademarks, copyright infringement, and data security are non-issues. It's 100% kosher." And if the school disagrees? "If Yale denies this right, I'll see you at the punishment committee." Of note: the Yale Bluebook site itself grew out of an independent student project, but was later acquired by the school. Update: 01/20 00:26 GMT by T : Correction: Unlike Yu and Xu, Haufler's approach is not a full-fledged separate site, but rather a Chrome extension that presents the data from Yale's own site differently, rather than at any point re-hosting it. Mea culpa.
Spam

To Beat Spam Filters, Look Like A Spammer?

Slashdot contributor Bennett Haselton writes "A recent webinar for newsletter publishers suggested that if you want your emails not to be blocked as 'spam,' you paradoxically have to engage in some practices that contribute to the erosion of users' privacy, including some tactics similar to what many spammers are doing. The consequences aren't disastrous, but besides being a loss for privacy, it's another piece of evidence that free-market forces do not necessarily lead to spam filters that are optimal for end users." Read on for the rest of Bennett's thoughts.
The Internet

Open Rights Group International Says Virgin, Sky Blocking Innocent Sites

New submitter stewartrob70 writes with an explanation of the inadvertent (or at least unwarranted) blocking of innocuous sites that UK ISPs Virgin and Sky are engaged in, as reported by PC Pro. The ISPs' filtering systems "appear to be blocking innocent third-party sites with apparently little or no human oversight." stewartrob70 excerpts from a blog posting with an explanation of why: "In order to understand why this specific issue happened, you need to be familiar with a quirk in how DNS is commonly used in third-party load-balanced site deployments. Many third-party load balanced systems, for example those using Amazon's AWS infrastructure, are enabled by pointing CNAME records at names controlled by those third-party systems. For example www.example.com may be pointed at loadbalancer.example.net. However, 'example.com' usually cannot be directly given a CNAME record (CNAME records cannot be mixed with the other record types needed, such as those pointing to nameservers and mailservers). A common approach is to point 'example.com' to a server that merely redirects all requests to 'www.example.com.' From forum posts we can see that it's this redirection system, in this specific case an A record used for 'http-redirection-a.dnsmadeeasy.com,' that has been blocked by the ISPs — probably a court-order-blocked site is also using the service — making numerous sites unavailable for any request made without the 'www' prefix."
Censorship

RadioTimes.com Accidentally Included In UK Antipiracy Blocking

Techmeology writes "Legitimate TV schedule website RadioTimes.com was briefly blocked by ISPs Be Broadband and Virgin Media as a result of the site's shared IP address. This comes days after it was discovered that Sky's system is vulnerable to DNS attacks that lead to TorrentFreak being blocked accidentally."
Facebook

Facebook's Complaint Process Is Arbitrary — But So Is Campaigning

Bennett Haselton writes "After initial abuse reports failed to shut down some anti-women and pro-rape pages on Facebook, a wider lobbying campaign succeeded in prompting a Facebook policy change. This has been alternately hailed as a vindication of the campaigner's cause, or derided as proof that Facebook can be cowed by humorless feminists. In reality, the success of the campaign was most likely the outcome of a mostly arbitrary and random process that required a lot of luck, just as the initial abuse reports didn't succeed because they didn't have the necessary luck on their side. Neither result should be taken to reflect on the merits of the campaigner's actual points." Read on for the rest of Bennett's thoughts.
Books

Book Review: Exploding the Phone

benrothke writes "Phil Lapsley calls his book 'the untold story of the teenagers and outlaws who hacked Ma Bell.' The story is an old one, going back to the early 1960's. Lapsley was able to track down many of the original phone phreaks and get their story. Many of them, even though the years have passed, asked Lapsley not to use their real names." Read below for the rest of Ben's review.
The Internet

Demonoid Resurrection Dismissed As Malware Was Legitimate

wo1verin3 writes "Previously reported on Slashdot was a story about a malware attempt masquerading as a Demonoid resurrection. It turns out this really was Demonoid making a comeback. With the site now back online with a new host, TorrentFreak caught up with its admins, who tell us they have no malicious intent and simply want to bring a community back together. While there is still uncertainty, one thing is absolutely clear – they do have the old Demonoid database."
Cellphones

FBI's Smartphone Surveillance Tool Explained In Court Battle

concealment writes with news that a court battle has brought to light details on how the FBI's "stingray" surveillance tool works, and how they used it with Verizon's help to collect evidence about an alleged identity thief. Quoting: "Air cards are devices that plug into a computer and use the wireless cellular networks of phone providers to connect the computer to the internet. The devices are not phones and therefore don’t have the ability to receive incoming calls, but in this case Rigmaiden asserts that Verizon reconfigured his air card to respond to surreptitious voice calls from a landline controlled by the FBI. The FBI calls, which contacted the air card silently in the background, operated as pings to force the air card into revealing its location. In order to do this, Verizon reprogrammed the device so that when an incoming voice call arrived, the card would disconnect from any legitimate cell tower to which it was already connected, and send real-time cell-site location data to Verizon, which forwarded the data to the FBI. This allowed the FBI to position its stingray in the neighborhood where Rigmaiden resided. The stingray then "broadcast a very strong signal" to force the air card into connecting to it, instead of reconnecting to a legitimate cell tower, so that agents could then triangulate signals coming from the air card and zoom-in on Rigmaiden’s location. To make sure the air card connected to the FBI’s simulator, Rigmaiden says that Verizon altered his air card’s Preferred Roaming List so that it would accept the FBI’s stingray as a legitimate cell site and not a rogue site, and also changed a data table on the air card designating the priority of cell sites so that the FBI’s fake site was at the top of the list."
Linux Business

Steam For Linux: A Respectable Showing

An anonymous reader writes "Valve has just released its February, 2013 Steam Hardware & Software Survey, and the results are absolutely mind blowing. Linux is now standing strong as a legitimate gaming platform. It now represents 2.02% of all active Steam users." That's in keeping with what new submitter lars_doucet found. Lars writes: "I'm an independent game developer lucky enough to be on Steam. Recently, the Steam Linux client officially went public and was accompanied by a site-wide sale. The Linux sale featured every single Linux-compatible game on the service, including our cross-platform game Defender's Quest. .... Bottom line: during the sale we saw nearly 3 times as many Linux sales of the game as Mac (Windows still dominated overall)."
Businesses

The Real Reason Journal Articles Should Be Free

Bennett Haselton writes "The U.S. government recently announced that academic papers on federally-funded research should become freely available online within one year of publication in a journal. But the real question is why academics don't simply publish most papers freely anyway. If the problem is that traditional journals have a monopoly on the kind of prestige that can only be conferred by having your paper appear in their hallowed pages, that monopoly can easily be broken, because there's no reason why open-access journals can't confer the same imprimatur of quality." Read on for the rest of Bennett's thoughts on the great free-access debate.
The Military

North Korea Conducts Third Nuclear Test

First time accepted submitter WolfeCanada writes "North Korea apparently conducted a widely anticipated nuclear test Tuesday, strongly indicated by an 'explosion-like' earthquake that monitoring agencies around the globe said appeared to be unnatural." North Korea has confirmed the test, according to the Washington Post, in an article that touches on its political context. Among other things, the Post notes that this "is the first under new North Korean leader Kim Jong Eun and the clearest sign that the third-generation leader, like his father and grandfather, prefers to confront the United States and its allies rather than make peace with them." Adds reader eldavojohn: "KCNA news claims that the test was safe and cited the threat of the U.S. for conducting the test, saying 'The test was carried out as part of practical measure of counteraction to defend the country's security and sovereignty in the face of the ferocious hostile act of the U.S. which wantonly violated the DPRK's legitimate right to launch satellite for peaceful purposes.' RT is posting a feed of the many condemnations from governments and organizations."
Security

Online Ads Are More Dangerous Than Porn, Cisco Says

wiredmikey writes "The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said. The highest concentration of online security threats does not target pornography, pharmaceutical, or gambling sites as much as it affects legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 times more likely with a search engine than if they'd gone to a counterfeit software site, according to Cisco's report (PDF). There is an overwhelming perception that people get compromised for 'going to dumb sites,' Mary Landesman, senior security researcher at Cisco, told SecurityWeek."
Censorship

Hotmail & Yahoo Mail Using Secret Domain Blacklist

Frequent contributor Bennett Haselton writes: "Hotmail and Yahoo Mail are apparently sharing a secret blacklist of domain names such that any mention of these domains will cause a message to be bounced back to the sender as spam. I found out about this because — surprise! — some of my new proxy site domains ended up on the blacklist. Hotmail and Yahoo are stonewalling, but here's what I've dug up so far — and why you should care." Read on for much more on how Bennett figured out what's going on, and why it's a hard problem to solve.
Books

Book Reviews: Lockpicking Books From Deviant Ollam

benrothke writes "It is well known that the password, while the most widespread information security mechanism, is also one of the most insecure. It comes down to the fact that the average person can't create and maintain secure passwords. When it comes to physical locks, the average lock on your home and in your office is equally insecure. How insecure is it? In two fascinating books on the topic, Practical Lock Picking, Second Edition: A Physical Penetration Tester's Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, Deviant Ollam writes that it is really not that difficult. When it comes to information security penetration tests done on the client site, the testers will most often have permission to be inside the facility. On rare occasions, the testers need to find alternative means to gain entrance. Sometimes that means picking the locks." Keep reading to learn if you'll be picking locks soon.
Piracy

British Pirate Party Asked To Pull Pirate Bay Proxy

judgecorp writes "The British Pirate Party has been asked by the music business organisation BPI to pull the plug on the Pirate Bay proxy it has been running. The Pirate Party provides a way round the court-ordered ban on ISPs providing connections to the file-sharing site, The Pirate Bay. So far the Pirate Party says the proxy is a 'legitimate route' to the site, but the BPI says the Pirate Bay is 'not above the law.'"
Censorship

Zero Errors? Spamhaus Flubs Causing Domain Deletions

Frequent contributor Bennett Haselton writes: "After I sent 10 new proxy sites to my (confirmed-opt-in) mailing list, two of them ended up on one of Spamhaus's blacklists, and as a result, all 10 domains were disabled by the domain registrar, so the sites disappeared from the Web. Did you even know this could happen?"
Books

Author Threatens To Sue Book Reviewers Over Trademark Infringement

Nate the greatest writes "Do you know what is crazier than sending DMCA notices to a site like Lendink which doesn't host any content? It's when an author threatens to sue book reviewers over trademarks. Jazan Wild, a comics creator, is sending out threatening emails to any and all book blogs who review a recently published book called Carnival of Souls. The book was written by Melissa Marr, and it happens to use a title for which Jazan Wild owns the registered trademark. He's also suing the publisher for trademark infringement, but HarperCollins is laughing it off. The book blog Bookalicious posted the email they got from Jazan. Needless to say they did not take down the review."
DRM

Ubisoft Ditches Always-Online DRM Requirement From PC Games

RogueyWon writes "In an interview with gaming site Rock, Paper, Shotgun, Ubisoft has announced that it will no longer use always-online DRM for its PC games. The much-maligned DRM required players to be online and connected to its servers at all times, even when playing single-player content. This represents a reversal of Ubisoft's long-standing insistence that such DRM was essential if the company were to be profitable in the PC gaming market." The full interview has a number of interesting statements. Ubisoft representatives said the decision was made in June of last year. This was right around the time the internet was in an uproar over the DRM in Driver: San Francisco, which Ubisoft quickly scaled back. Ubisoft stopped short of telling RPS they regretted the always-online DRM, or that it only bothers legitimate customers. (However, in a different interview at Gamasutra, Ubisoft's Chris Early said, "The truth of it, they're more inconvenient to our paying customers, so in listening to our players, we removed them.") They maintain that piracy is a financial problem, and acknowledged that the lack of evidence from them and other publishers has only hurt their argument.
Books

LendInk EBook Lending Service Returns, Receives Fishy DMCA Notice

Ian Lamont writes "Remember LendInk, the legitimate ebook lending community that got knocked offline at the beginning of August by a mob of misguided authors? The site's owner, Dale Porter, received a lot of support after the story went viral and last week was able to reactivate the site and his affiliate accounts with Amazon and Barnes & Noble." The owner reportedly received a DMCA notice immediately, but a few folks dug and it appears that the "lawyer" who issued it is no lawyer at all, and probably an Internet troll (evidence includes not being listed as a lawyer in PA, using a home address, and sending the takedown from gmail). Or just a really bad lawyer.