
Submission + - Microsoft Outlook injecting advertisement and URL into personal email

mr_diags writes: Recently GoDaddy's iPhone email client was retired and they aggressively encouraged users to migrate to Microsoft Outlook client. I detest most Microsoft products and ended up migrating to Spark. My wife took the path of least resistance and migrated to Outlook for iPhone. Yesterday I received a short email from her and noticed a live hypertext link “Get Outlook for iOS” in her email. I asked her why she wrote that and she said she did not. Examining the email source it clearly shows the email sent from her Outlook client has text embedded in the body of her email in both the plain text and HTML sections of the payload – including a live URL.

Yes, she needs to check if Outlook client had some default configuration when installed that embedded the advertisement, maybe a default signature. And who knows what the EULA she blindly accepted allowed MS to do, but isn’t this effectively a hack of a person’s personal email to inject an advertisement?

Content of the email, scrubbed of personal addresses:

Received: (qmail 23638 invoked by uid 30297); 8 Aug 2016 21:07:31 -0000
Received: from unknown (HELO p3plibsmtp02-14.prod.phx3.secureserver.net) ([72.167.218.25])
(envelope-sender <xxxxx@xxxxx.com>)
by p3plsmtp01-05.prod.phx3.secureserver.net (qmail-1.03) with SMTP
for <yyyy@yyyyy.us>; 8 Aug 2016 21:07:31 -0000
Received: from p3plsmtpa12-02.prod.phx3.secureserver.net ([68.178.252.231])
by p3plibsmtp02-14.prod.phx3.secureserver.net with bizsmtp
id Uku71t01H50JyDQ01l7WVW; Mon, 08 Aug 2016 14:07:31 -0700
Received: from mail.outlook.com ([52.32.165.217])
by p3plsmtpa12-02.prod.phx3.secureserver.net with
id Ul7W1t00A4hkzKG01l7Wm9; Mon, 08 Aug 2016 14:07:30 -0700
Date: Mon, 8 Aug 2016 21:07:30 +0000 (UTC)
From: xxxxx < xxxxx@xxxxx.com >
To: yyyy@yyyyy.us
Message-ID: <42D594FBB05BB1EC.2A5FFCE7-7B0A-44C6-8158-660A799F2AC9@mail.outlook.com>
In-Reply-To: <20160807214047.a3cf85ee342f91baffbcbe5e7a33596d.19fe9dae3e.wbe@email01.godaddy.com>
References: <20160807214047.a3cf85ee342f91baffbcbe5e7a33596d.19fe9dae3e.wbe@email01.godaddy.com>
Subject: Re: iPhone screens
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_13617_1251458795.1470690450092"
X-Mailer: Outlook for iOS and Android
X-Nonspam: Whitelist

------=_Part_13617_1251458795.1470690450092
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

It's a white 6.

Get Outlook for iOS

On Mon, Aug 8, 2016 at 12:40 AM -0400, <yyyy@yyyyy.us> wrote:

=C2=A0 =C2=A0Your screen parts shipped and ETA is Wednesday delivery.=C2=A0=
=C2=A0For your friends iPhone6 I've searched and found iPhone 6 — not 6plu=
s — screen repair kits for under $30, so depending on their model it may be=
reasonably priced to get the parts.

------=_Part_13617_1251458795.1470690450092
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html><head></head><body><div>It's a white 6.<br><br><div class="acompli_signature">Get <a href="https://www.microsoft.com/en-us/outlook-com/mobile/?WT.mc_id=outlook_app_signature_1">Outlook for iOS</a></div><br></div><br><br><br>
<div class="gmail_quote">On Mon, Aug 8, 2016 at 12:40 AM -0400, <span dir="ltr">&lt;<a href="mailto:yyyy@yyyyy.us" target="_blank">yyyy@yyyyy.us</a>&gt;</span> wrote:<br>
<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div dir="3D&quot;ltr&quot;">
<span style="font-family:Verdana; color:#000000; font-size:10pt;"><div>&nbsp; &nbsp;Your screen parts shipped and ETA is Wednesday delivery.</div><div>&nbsp; &nbsp;For your friends iPhone6 I've searched and found iPhone 6 — not 6plus — screen repair kits for under $30, so depending on their model it may be reasonably priced to get the parts.</div></span>

</div>

</blockquote>
</div>
</body></html>
------=_Part_13617_1251458795.1470690450092--

Submission + - Russian Anti-Piracy Law Targets Social Media

An anonymous reader writes: Officials in Russia are considering a new anti-piracy law which will target social media platforms that allow users to upload copyrighted content. A coalition that includes members of the Russian media groups National Federation of Music Industry (NFMI) and the Association of Film and Television Producers (APKIT) is reviewing current legislation and making recommendations for changes that will protect the rights of those who create original content. Their primary concern is for content that is uploaded without restriction to social media platforms by users. The new proposal includes an attempt to have current legislation revoked or changed to provide stricter definitions to help protect copyrights. They are also proposing an advertising ban on sites that have been found to violate content creators' rights in court.

Submission + - 1 In 3 Americans Report Financial Losses Due To Being Defrauded (helpnetsecurity.com)

An anonymous reader writes: With nearly half of Americans reporting they have been tricked or defrauded, citizens are concerned that the Internet is becoming less safe and want tougher federal and state laws to combat online criminals, according to the Digital Citizens Alliance. In the survey of 1,215 Americans, 46 percent said they had been the victim of a scam or fraud, had credit card information stolen, or had someone steal their identity. One in three Americans reported suffering financial loss – with 10 percent reporting that the loss had been over $1,000.

Submission + - Misuse of Language: 'Cyber' (threatpost.com)

msm1267 writes: The terms “cyber war” and “cyber weapon” are thrown around casually, often with little thought to their non-“cyber” analogs. Many who use the terms “cyber war” and “cyber weapon” relate these terms to “attack,” framing the conversation in terms of acceptable responses to “attack” (namely, “strike-back,” “hack-back,” or an extreme interpretation of the vague term “active defense”).

In this op-ed, information security experts Dave Dittrich and Katherine Carpenter discuss two problematic issues: first, we illustrate the misuse of the terms “cyber war” and “cyber weapon,” to raise awareness of the potential dangers that aggressive language brings to the public and the security community; and second, we address the reality that could exist when private citizens (and/or corporations) want to act aggressively against sovereign nations and the undesirable results those actions could produce.

Dittrich and Carpenter discuss these topics through the lens of the recent furor around the cyber incident at the Democratic National Committee.

Submission + - How the Pay Per Install Industry Works (csoonline.com)

itwbennett writes: It starts with that terms of service notice you never read when you download a new piece of software. 'Buried in the text that nobody reads is information about the bundle of unwanted software programs in the package you're about to download,' says Damon McCoy, an assistant professor of computer science and engineering at NYU Tandon and one of the researchers who studied the link between so-called "pay-per-install" (PPI) practices and the distribution of unwanted software. Between the hapless user and the adware or scareware that plagues them is a network of brokers who forge the deals to bundle the extra software with popular applications and place download offers on well-trafficked websites. They get paid by PPI businesses directly, sometimes as much as $2 per install, the researchers said. One of their most striking findings is the degree to which downloads are personalized to maximize the chances that their payload will be delivered. The paper will be presented at the USENIX Security Symposium in Austin, Texas, later this week.

Submission + - Top-Level Cyber Espionage Group Uncovered After Years Of Stealthy Attacks (helpnetsecurity.com)

An anonymous reader writes: Symantec and Kaspersky Lab researchers have uncovered another espionage group that is likely backed by a nation-state. The former have dubbed the threat actor Strider, while the latter named it ProjectSauron (after a mention in the code of one of the malware modules the group deploys). According to the researchers, evidence of ProjectSauron’s activity can be found as far back as 2011, and as near as early 2016. Within that period, the group has targeted at least 30 organizations around the world – Russia, China, Sweden, Belgium, Iran, Rwanda, (possibly) Italy. The complexity of the malware used, the fact that it remained hidden for so long, the nature of the victimized organizations (government and military entities, embassies, telecoms, scientific research centers), and the nature of the data collected and exfiltrated all point to a state-backed attack group, but it’s impossible to say for sure which one.

Submission + - London's Metropolitan Police Still Running 27,000 Windows XP Desktops

An anonymous reader writes: London’s Met Police has missed its deadline for abandoning the out-of-date operating system Windows XP, as findings reveal 27,000 computers still run on the software two years after official support ended. Microsoft stopped issuing updates and patches for Windows XP in Spring 2014, meaning that any new bugs and flaws in the operating system are left open to attack. A particularly risky status for the UK capital’s police force – itself running operations against hacking and other cybercrime activity. The figures were disclosed by Conservative politician Andrew Boff. The Greater London Assembly member said: ‘The Met should have stopped using Windows XP in 2014 when extended support ended, and to hear that 27,000 computers are still using it is worrying.’ As in similar cases across civil departments, the core problem is bespoke system development, and the costs and time associated with integrating a new OS with customized systems.

Submission + - EFF Asks FTC To Demand 'Truth In Labeling' For DRM (techdirt.com)

An anonymous reader writes: Interesting move by Cory Doctorow and the EFF in sending some letters to the FTC making a strong case that DRM requires some "truth in labeling" details in order to make sure people know what they're buying. The argument is pretty straightforward (PDF): "The legal force behind DRM makes the issue of advance notice especially pressing. It’s bad enough when a product is designed to prevent its owner from engaging in lawful, legitimate, desirable conduct — but when the owner is legally prohibited from reconfiguring the product to enable that conduct, it’s vital that they be informed of this restriction before they make a purchase, so that they might make an informed decision. Though many companies sell products with DRM encumbrances, few provide notice of these encumbrances. Of those that do, fewer still enumerate the restrictions in plain, prominent language. Of the few who do so, none mention the ability of the manufacturer to change the rules of the game after the fact, by updating the DRM through non-negotiable updates that remove functionality that was present at the time of purchase." In a separate letter (PDF) from EFF, along with a number of other consumer interest groups, but also content creators like Baen Books, Humble Bundle and McSweeney's, they suggest some ways that a labeling notice might work.

Submission + - Solar Impulse off on the last leg (bbc.com)

AppleHoshi writes: The BBC is reporting that Solar Impulse, the all electric aeroplane making a circumnavigation of the globe, has left Cairo on the 17th and final leg of the epic journey. The Solar Impulse team estimates a 48-hour flight to the destination (and the starting point for the flight, last year), Abu Dhabi. All is not plain sailing, though. Despite the flight being mostly over desert where there's generally plenty of sunshine, the pilot, Bertrand Piccard, may have problems with the desert heat and the strong thermal updraughts which it creates.

Submission + - Do Gut Bacteria Rule Our Minds? (ucsf.edu)

giorgioarmani writes: It sounds like science fiction, but it seems that bacteria within us – which greatly outnumber our own cells – may very well be affecting both our cravings and moods to get us to eat what they want, and often are driving us toward obesity. In an article published this week in the journal BioEssays, researchers from UC San Francisco, Arizona State University and University of New Mexico concluded from a review of the recent scientific literature that microbes influence human eating behavior and dietary choices to favor consumption of the particular nutrients they grow best on, rather than simply passively living off whatever nutrients we choose to send their way.

Submission + - SPAM: Can our local supercluster defeat the accelerating Universe's expansion?

StartsWithABang writes: When dark energy was discovered, and the expansion of the Universe was shown to be accelerating, there was concurrently another puzzle that received much less attention: the problem of the Great Attractor. Galaxies appear to move due to both the Hubble expansion and the local gravitational field, but the gravity from the galaxies we saw didn’t account for all the motion. There must have been an additional set of masses, revealed only in the 2010s with the identification of the supercluster Laniakea. All the galaxies in our local neighborhood are headed towards it, but are we moving fast enough to overcome the expansive pull of dark energy? The answer looks to be no.

Submission + - Newt Gingrich Calls for US Muslims to Take Sharia Test, Face Deportation

flopsquad writes: Following the July 14th terror attack in Nice, France, former House Speaker Newt Gingrich has called for US Muslims to be tested for their belief in Sharia law, and if so, deported:

Western civilisation is in a war. We should frankly test every person here who is of a Muslim background and if they believe in Sharia they should be deported.

While the cleverest few might try to defeat such a test by answering "No," Mr. Gingrich laid out additional steps to shore up the plan:

The first step is you have to ask them the questions. The second step is you have to monitor what they're doing on the Internet. The third step is, let me be very clear, you have to monitor the mosques. I mean, if you're not prepared to monitor the mosques, this whole thing is a joke.

Gingrich also opined that:

Anybody who goes on a website favoring Isis, or al-Qaeda, or other terrorist groups, that should be a felony, and they should go to jail.

No word on the 1st and 4th Amendment implications of his proposals, nor on where Gingrich plans to deport US citizens who fail his Sharia test.

Submission + - PM Theresa May drops political bombshell on Whitehall -- tech firms beware! (arstechnica.co.uk)

An anonymous reader writes: British Prime Minister Theresa May has given a stern warning to big business, telling the public to "think not of the powerful, but you." Specifically, she singled out Google and Amazon for dodging taxes and creating a lot of parliamentary scrutiny. Ars Technica reports: "May has been quick to stamp her brand of conservatism on her party by letting go of key members of Cameron's cabinet. She has so far sacked big hitters such as chancellor of the exchequer George Osborne, justice secretary Michael Gove, and culture secretary John Whittingdale. Philip Hammond now has the keys to Number 11, but we're still waiting to hear who will replace Whittingdale, whose remit included the rollout of super fast broadband in the UK. He's also the man behind the White Paper on the future of the BBC, which sought radical changes at the public service broadcaster. So far, 10 cabinet positions have been announced by May. They include Justine Greening as secretary of state for education, and Liz Truss becomes justice secretary, while former London mayor and key Brexit campaigner Boris Johnson — to the surprise of many — now heads up the foreign office. May has handed her home secretary job to Amber Rudd — who will now be responsible for the government's push for greater online surveillance laws. Rudd was previously the minister for energy and climate change."

Submission + - Generic Ransomware Detection System Built for Windows (threatpost.com)

msm1267 writes: A team of researchers from the University of Florida and Villanova University have built a generic ransomware detection utility for Windows machines, one that focuses on how ransomware transforms data rather than the execution of malicious code.

Their utility is called CryptoDrop, and in a test against nearly 500 real-world ransomware samples from 14 distinct families, it detected 100 percent of attacks with relatively little file loss (a median loss of 10 files).

The tool is described in a paper called “CryptoLock (and Drop it): Stopping Ransomware Attacks on User Data,” written by Nolen Scaife, Patrick Traynor, Kevin R. B. Butler of the University of Florida, and Henry Carter of Villanova University.

“Our system (built only for Windows) is the first ransomware detection system that monitors user data for changes that may indicate transformation rather than attempting to identify ransomware by inspecting its execution (e.g., API call monitoring) or contents,” the researchers wrote. “This allows CryptoDrop to detect suspicious activity regardless of the delivery mechanism or previous benign activity."
