
Comment Re:Could this be FUD? (Score 1) 30

Most people don't get an unfiltered email feed any more; your ISP or webmail provider will be rejecting or dumping a lot of the more obvious junk long before it even comes close to your spam folder, let alone your inbox, so unless you are running your own mail server and can see all the inbound email unfiltered and are monitoring SMTP rejects it's much harder to tell. Cisco Talos is essentially going to be using the SpamCop feed and traps to make their assessments, so they have access to a *lot* of "raw" SMTP traffic on which to base their judgement. I only run a relatively small number of spam traps to get some spam for teaching Bayes because my MTA level filtering blocks out upwards of 90% of the crap before it even gets to SpamAssassin so there's a larger margin of error and not the >100% rise Talos is seeing, but even so I'm seeing a sharp uptick in volume and a lot more port scanning for SMTP servers than has been the case for quite some time.

Comment Re:Trump & spam (Score 2) 30

I'm sure there's a lot of election related phishing out there too, and I've got lots of examples of that too, but as I noted all of this is pointed entirely at genuine Trump/GOP domains with a few MSM ones thrown in for citations; it's almost certainly genuine campaign spam from Trump or one of his supporters acting (possibly independently) on his behalf - there are no dodgy domains at all (unless you want to count Fox News), including in the mail headers, which are from a legit ESP. They're also hitting spamtraps that go back years (some were only ever seeded on Usenet over a decade ago) so either someone in Trump's campaign, officially or otherwise, has been buying really low quality mailing lists, or someone has fed them a bunch of email addresses from them.

Comment Trump & spam (Score 2) 30

Donald Trump's name appeared in 169 times more spam emails than Hillary Clinton's.

Can't say I'm at all surprised by that. I've been getting a steady stream of what appear to be genuine emails from the Trump campaign (all the links are to legit Trump and GOP domains, plus a few MSM ones) asking for donations for a few weeks now. There's a whole bunch of problems with that, other than it being UBE - I'm a British citizen so I don't think Trump can legally accept my donation anyway; several of the domains involved are within the .uk ccTLD; and the addresses concerned are all (and always have been) spam traps. And yes, I have been forwarding them all to the FEC.

Seriously, Donald, if you're going to let your campaign team buy email lists from who-knows-where and spam the shit out of them, they could at least do some basic list washing first - it's starting to look like Hillary isn't the only one with an incompetent email admin team...

Comment Re:Haha Akamai is Kapakai (Score 2) 192

Actually, that's not the case, despite a lot of the coverage claiming it is. It's the largest seen by Akamai, but OVH reported a DDoS peaking at 800Gb/s earlier the same day - although there are no indications of a connection (yet?). What's perhaps more interesting about the DDoS on Krebs isn't the size of it so much that it apparently wasn't a UDP amplification attack, which is the norm for DDoS these days, but TCP/GRE - the botnet used was generating all that traffic on its own. Both attacks are far larger than any one group was thought capable of doing (until now) and might be an indication that the number of botnet operators might not be as large as suspected, but instead consists of a smaller number of operators with multiple botnets under their control.

Submission + - Facebook launches first nationwide voter registration drive (usatoday.com)

OWCareers writes: SAN FRANCISCO — Facebook wants you to get out to vote.

On Friday, Facebook users in the U.S. who are 18 and up will receive a reminder to register to vote at the top of their News Feed.

The voter registration drive, Facebook's first to roll out nationwide, is tapping the power of social media to influence millions of people and their friends, especially young people who are less likely to turn out. The reminder will be sent out over the next four days, Facebook said.

Submission + - SPAM: Biometric Skimmers: Future Threats To ATMs

SecurityNews writes: Kaspersky Lab experts investigated how cybercriminals could exploit new biometric ATM authentication technologies planned by banks. While many financial organizations consider biometric-based solutions to be one of the most promising additions to current authentication methods, cybercriminals see biometrics as a new opportunity to steal sensitive information. The investigation into underground cybercrime concluded there are already at least 12 sellers offering skimmers capable of stealing victims’ fingerprints. In addition, at least three underground sellers are already researching devices that could illegally obtain data from palm vein and iris recognition systems.

Submission + - Research finds normal matter distribution determines galaxy rotation (sciencedaily.com)

Burz writes: "Galaxy rotation curves have traditionally been explained via an ad hoc hypothesis: that galaxies are surrounded by dark matter," said David Merritt, professor of physics and astronomy at the Rochester Institute of Technology, who was not involved in the research. "The relation discovered by McGaugh et al. is a serious, and possibly fatal, challenge to this hypothesis, since it shows that rotation curves are precisely determined by the distribution of the normal matter alone. Nothing in the standard cosmological model predicts this, and it is almost impossible to imagine how that model could be modified to explain it, without discarding the dark matter hypothesis completely."

The researchers plotted the radial acceleration observed in rotation curves published by a host of astronomers over the last 30 years against the acceleration predicted from the observed distribution of ordinary matter now in the Spitzer Photometry & Accurate Rotation Curves database McGaugh's team created. The two measurements showed a single, extremely tight correlation, even when dark matter is supposed to dominate the gravity.

Submission + - Your 2016 Ig Nobel wacky research winners (networkworld.com)

alphadogg writes: The Annals of Improbable Research doles out its annual awards for unusual scientific research, including for studying the effects of wearing polyester, cotton or wool trousers on the sex life of rats, and, later, on humans.

Submission + - Amtrak Experimenting with Advanced Security on Northwest Trains (schneier.com)

reifman writes: While security expert Bruce Schneier has regularly written about Amtrak's efforts to close the air travel security theater gap, he's impressed by its advanced security experiments making security theater essentially invisible to passengers. Breast milk, nipple piercings and growlers are now deemed safe. While not mentioned in its new branding effort, even WiFi passwords are unnecessary...complete with all the inherent protections TSA is known for.

Submission + - Senate Panel Authorizes Money For Mission To Mars (usatoday.com)

An anonymous reader writes: With a new president on the horizon, a key Senate committee moved Wednesday to protect long-standing priorities of the nation’s space program from the potential upheaval of an incoming administration. Members of the Commerce, Science and Transportation Committee passed a bipartisan bill authorizing $19.5 billion to continue work on a Mars mission and efforts to send astronauts on private rockets to the International Space Station from U.S. soil — regardless of shifting political winds. Under the Senate bill, NASA would have an official goal of sending a crewed mission to Mars within the next 25 years, the first time a trip to the Red Planet would be mandated by law. The legislation would authorize money for different NASA components, including $4.5 billion for exploration, nearly $5 billion for space operations and $5.4 billion for science. Beyond money, the measure would: Direct NASA to continue working on the Space Launch System and Orion multi-purpose vehicle that are the linchpins of a planned mission to send astronauts to Mars by the 2030s. The bill includes specific milestones for an unmanned exploration mission by 2018 and a crewed exploration mission by 2021. Require development of an advanced space suit to protect astronauts on a Mars mission. Continue development of the Commercial Crew Program designed to send astronauts to the space station — no later than 2018 — on private rockets launched from U.S. soil. Expand the full use and life of the space station through 2024 while laying the foundation for use through 2028. Allow greater opportunities for aerospace companies to conduct business in Low Earth Orbit. Improve monitoring, diagnosis and treatment of the medical effects astronauts experience from spending time in deep space.

Submission + - Yahoo confirms gigantic breach: 500m users affected (cso.com.au)

River Tam writes: As expected, Yahoo has confirmed it faced a gigantic breach and has finally recommended users change their passwords.

If you have an account with Yahoo and haven’t changed your password since 2014, now is the time to do it. The company confirmed today a copy of sensitive user account information was stolen from its network in “late 2014” and suspects the attacker was a state-sponsored actor.

Submission + - TypeScript 2.0 Released (arstechnica.com)

An anonymous reader writes: Since its introduction, TypeScript has included new features to improve performance, enhance JavaScript compatibility, and extend the range of error checking that the TypeScript compiler performs. TypeScript 2.0 introduces a big step forward here by giving developers greater control over null values. null, used to denote (in some broad, hand-waving sense) that a variable holds no value at all, has been called the billion dollar mistake. Time and time again, programs trip up by not properly checking to see if a variable is null, and for good or ill, every mainstream programming language continues to support the null concept. TypeScript 2.0 brings a range of new features, but the biggest is control over these null values. With TypeScript 2.0, programmers can opt into a new behavior that by default prevents values from being null. With this option enabled, variables by default will be required to have a value and can't be set to null accidentally. This in turn allows the compiler to find other errors such as variables that are never initialized.

Submission + - Corporations feel cyber breaches are a minor cost of business

northernboy writes: The Rand Corporation has completed a study of corporate responses to cybersecurity breaches which shows that most corporate losses fall into the range of a minor cost of doing business.
From the press release:
Researchers found that the typical cost of a breach was about $200,000 and that most cyber events cost companies less than 0.4 percent of their annual revenues. The $200,000 cost was roughly equivalent to a typical company's annual information security budget.

“Relative to all the other risks companies face, the cyber risks often aren't as big a deal as we think,” said Sasha Romanosky, author of the study and a policy researcher at RAND, a nonprofit research organization. “It may be bad for you if you are the victim, but it doesn't change the behavior or strategy of a company. Like you and me, companies are self-interested and operate in ways that minimize their costs. You can't begrudge them for working that way.” ...
  “If it is true that on average that businesses lose 5 percent of their annual revenue to fraud, and that the cost of a cyber event represents only 0.4 percent of a firm's revenues, then one may conclude that these hacks, attacks and careless behaviors represent a small fraction of the costs that firms face, and therefore only a small portion of the cost of doing business,” Romanosky said.

Given that finding — and surveys that indicate consumers are mostly satisfied with the ways companies respond to data breaches — he says that businesses “lack a strong incentive to increase their investment in data security and privacy protection.” Moreover, if their losses are not out of line with other costs, he said, “maybe the firms are already doing the right thing,” making government policies to induce more precautions unnecessary.

So, cheer up! There isn't really any significant problem here. Unless you happen to be a consumer, but Hey, if the current ones get damaged, there are always plenty more where they came from...

Submission + - Microsoft ends Tuesday patches (helpnetsecurity.com)

An anonymous reader writes: Yesterday was a big day for Patch Tuesday. It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches will be bundled together and users will no longer be able to pick and choose which updates to install. Furthermore, these new ‘monthly update packs’ will be combined, so for instance, the November update will include all the patches from October as well.

Submission + - Yahoo Preparing to Reveal 'Massive' Loss of User Data (bloomberg.com)

JustAnotherOldGuy writes: Yahoo! Inc. is preparing to disclose a “massive” data breach of its main service, Recode reported, just as Verizon Communications Inc. prepares to take over the ailing internet company’s core assets. Such a revelation would confirm earlier reports that the same hacker who’d stolen data from LinkedIn was now selling information from 200 million Yahoo accounts on a dark web marketplace. The data up for sale included user names, scrambled passwords and birth dates and likely dated from 2012. Reports of the security breach come just as Chief Executive Officer Marissa Mayer is about to close a deal with Verizon that ends the once-dominant internet firm’s independence.
