Spam

Spam Is Back (theoutline.com) 89

Jon Christian, writing for The Outline: For a while, spam -- unsolicited bulk messages sent for commercial or fraudulent purposes -- seemed to be fading away. The 2003 CAN-SPAM Act mandated unsubscribe links in email marketing campaigns and criminalized attempts to hide the sender's identity, while sophisticated filters on what were then cutting-edge email providers like Gmail buried unwanted messages in out-of-sight spam folders. In 2004, Microsoft co-founder Bill Gates told a crowd at the World Economic Forum that "two years from now, spam will be solved." In 2011, cybersecurity reporter Brian Krebs noted that increasingly tech savvy law enforcement efforts were shutting down major spam operators -- including SpamIt.com, alleged to be a major hub in a Russian digital criminal organization that was responsible for an estimated fifth of the world's spam. These efforts meant that the proportion of all emails that are spam has slowly fallen to a low of about 50 percent in recent years, according to Symantec research.

But it's 2017, and spam has clawed itself back from the grave. It shows up on social media and dating sites as bots hoping to lure you into downloading malware or clicking an affiliate link. It creeps onto your phone as text messages and robocalls that ring you five times a day about luxury cruises and fictitious tax bills. Networks associated with the buzzy new cryptocurrency system Ethereum have been plagued with spam. Facebook recently fought a six-month battle against a spam operation that was administering fake accounts in Bangladesh, Indonesia, Saudi Arabia, and other countries. Last year, a Chicago resident sued the Trump campaign for allegedly sending unsolicited text message spam; this past November, ZDNet reported that voters were being inundated with political text messages they never signed up for. Apps can be horrid spam vectors, too. Repeated mass data breaches that include contact information, such as the Yahoo breach in which 3 billion user accounts were exposed, surely haven't helped. Meanwhile, you, me, and everyone we know is being plagued by robocalls.

Google

Google Will Stop Letting Sites Use AMP Format To Bait and Switch Readers (theverge.com) 57

"Google today announced a forthcoming update to its Accelerated Mobile Pages, or AMP, web format that aims to discourage website owners from misusing the service," reports The Verge. "The company says that, starting in February 2018, AMP pages must contain content nearly identical to that of the standard page they're replicating." From the report: Currently, because AMP pages load faster and more clutter-free versions of a website, they naturally contain both fewer ads and less links to other portions of a site. That's led some site owners to publish two versions of a webpage: a standard page and an AMP-specific one that acts a teaser of sorts that directs users to the original. That original page, or canonical page in Google parlance, is by nature a slower loading page containing more ads and with a potentially lower bounce rate, which is the percentage of viewers who only view one page before leaving. Now, Google is cracking down on that behavior. "AMP was introduced to dramatically improve the performance of the web and deliver a fast, consistent content consumption experience," writes Ashish Mehta, an AMP product manager. "In keeping with this goal, we'll be enforcing the requirement of close parity between AMP and canonical page, for pages that wish to be shown in Google Search as AMPs."
The Military

North Korean Hackers Are Targeting US Defense Contractors (wpengine.com) 146

chicksdaddy quotes Security Ledger: North Korean hackers have stepped up their attacks on U.S. defense contractors in an apparent effort to gain intelligence on weapon systems and other assets that might be used against the country in an armed conflict with the United States and its allies, The Security Ledger is reporting. Security experts and defense industry personnel interviewed by The Security Ledger say that probes and attacks by hacking groups known to be associated with the government of the Democratic People's Republic of Korea (DPRK) have increased markedly as hostilities between that country and the United States have ratcheted up in the last year. The hacking attempts seem to be aimed at gaining access to intellectual property belonging to the companies, including weapons systems deployed on the Korean peninsula.

"As the situation between the DPRK and the US has become more tense, we've definitely seen an increase in number of probe attempts from cyber actors coming out of the DPRK," an official at an aerospace and defense firm told Security Ledger. The so-called "probes" were targeting the company's administrative network and included spear phishing attacks via email and other channels. The goal was to compromise computers on the corporate network... So far, the attacks have targeted "weakest links" within the firms, such as Human Resources personnel and general inquiry mailboxes, rather than targeting technical staff directly. However, experts who follow the DPRK's fast evolving cyber capabilities say that the country may have more up their sleeve.

CNBC also reports that America's congressional defense committees have authorized a last-minute request for $4 billion in extra spending for "urgent missile defeat and defense enhancements to counter the threat of North Korea."

Other countries newly interested in purchasing missile defense systems include Japan, Sweden, Poland, and Saudi Arabia.
Twitter

Twitter Exploit Let Two Pranksters Post 30,000-Character Tweet (engadget.com) 65

sqorbit writes: Two German twitter users were able to post a 30,000-character tweet, blowing way past the 280-character limit it is testing for select users. The accounts were banned for a brief period of time but are now back online after they apologized. The original 30,396-character tweet has been archived and can be viewed here. The two pranksters exploited "a rule Twitter made in 2016 that links would no longer count in the 140-character limit," reports The Daily Dot. "Yes, this is just one big web address with a URL code hidden deep in the large block of text."
Patents

Apple Wins $120 Million From Samsung In Slide-To-Unlock Patent Battle (theverge.com) 72

Apple has finally claimed victory over Samsung to the count of $120 million. "The Supreme Court said today that it wouldn't hear an appeal of the patent infringement case, first decided in 2014, which has been bouncing through appeals courts in the years since," reports The Verge. From the report: The case revolved around Apple's famous slide-to-unlock patent and, among others, its less-famous quick links patent, which covered software that automatically turned information like a phone number into a tappable link. Samsung was found to have infringed both patents. The ruling was overturned almost two years later, and then reinstated once again less than a year after that. From there, Samsung appealed to the Supreme Court, which is where the case met its end today. Naturally, Samsung isn't pleased with the outcome. "Our argument was supported by many who believed that the Court should hear the case to reinstate fair standards that promote innovation and prevent abuse of the patent system," a Samsung representative said in a statement. The company also said the ruling would let Apple "unjustly profit" from an invalid patent.
Firefox

Popular Firefox Bookmark Syncing Add-On Starts Losing... Bookmarks (bleepingcomputer.com) 67

A popular Firefox browser add-on that saves and syncs bookmarks has started to lose those bookmarks instead, users are complaining. From a report: According to user reports -- and your reporter's own experience -- the problems arose when Xmarks updated the add-on to version 4.5.0.4, the first version to work on the new WebExtensions API, Firefox's new add-on technology. Since then, Firefox users have reported a wide range of problems, but among which the biggest was the fact that Xmarks was not syncing bookmarks as it should. The problems did not manifest the same way for all users. Some users said the add-on stopped syncing new bookmarks altogether, some reported corrupted links, others said they lost all bookmarks, while other reported that only a small portion of new bookmark URLs was being added to their Xmarks account.
Government

'Panama Papers' Group Strikes Again with 'Paradise Papers' (theguardian.com) 402

Long-time Slashdot reader Freshly Exhumed tipped us off to a new document leak that's just revealed massive tax havens used by the world's most wealthy and powerful people. An anonymous reader quotes the Guardian: The material, which has come from two offshore service providers and the company registries of 19 tax havens, was obtained by the German newspaper Suddeutsche Zeitung and shared by the International Consortium of Investigative Journalists with partners including the Guardian, the BBC and the New York Times. The project has been called the Paradise Papers.
It's the same group responsible for the Panama Papers, and the Guardian reports that in these 13.4 million new files, journalists have discovered:
  • "Aggressive tax avoidance by multinational corporations, including Nike and Apple."

"The publication of this investigation, for which more than 380 journalists have spent a year combing through data that stretches back 70 years, comes at a time of growing global income inequality," reports the Guardian. "Meanwhile, multinational companies are shifting a growing share of profits offshore -- €600 billion in the last year alone -- the leading economist Gabriel Zucman will reveal in a study to be published later this week. "Tax havens are one of the key engines of the rise in global inequality," he said."


IT

HTTP 103 - An HTTP Status Code for Indicating Hints (ietf.org) 50

The Internet Task Engineering Group (IETF) has approved the new HTTP status code 103. The new status code is intended to "minimize perceived latency." From the circular: It is common for HTTP responses to contain links to external resources that need to be fetched prior to their use; for example, rendering HTML by a Web browser. Having such links available to the client as early as possible helps to minimize perceived latency. The "preload" ([Preload]) link relation can be used to convey such links in the Link header field of an HTTP response. However, it is not always possible for an origin server to generate the header block of a final response immediately after receiving a request. For example, the origin server might delegate a request to an upstream HTTP server running at a distant location, or the status code might depend on the result of a database query. The dilemma here is that even though it is preferable for an origin server to send some header fields as soon as it receives a request, it cannot do so until the status code and the full header fields of the final HTTP response are determined. [...] The 103 (Early Hints) informational status code indicates to the client that the server is likely to send a final response with the header fields included in the informational response. Typically, a server will include the header fields sent in a 103 (Early Hints) response in the final response as well. However, there might be cases when this is not desirable, such as when the server learns that they are not correct before the final response is sent. A client can speculatively evaluate the header fields included in a 103 (Early Hints) response while waiting for the final response. For example, a client might recognize a Link header field value containing the relation type "preload" and start fetching the target resource. However, these header fields only provide hints to the client; they do not replace the header fields on the final response. Aside from performance optimizations, such evaluation of the 103 (Early Hints) response's header fields MUST NOT affect how the final response is processed. A client MUST NOT interpret the 103 (Early Hints) response header fields as if they applied to the informational response itself (e.g., as metadata about the 103 (Early Hints) response).
Firefox

Firefox To Get a Better Password Manager (bleepingcomputer.com) 92

Catalin Cimpanu, reporting for BleepingComputer: Mozilla engineers have started work on a project named Lockbox that they describe as "a work-in-progress extension [...] to improve upon Firefox's built-in password management." Mozilla released the new extension for employee-use only at first, but users can install it by going to this or this links. Lockbox revamps Firefox's antiquated password management utility with a new user interface (UI). A new Firefox UI button is also included, in case users want to add a shortcut in their browser's main interface to open Lockbox without going through all the menu options. Support for a master password is included, helping users secure their passwords from unauthorized access by co-workers, family members, or others.
Earth

Study Links Rapid Ice Sheet Melting With Distant Volcanic Eruptions (upi.com) 117

schwit1 quotes UPI: New research suggests volcanic eruptions can trigger periods of rapid ice sheet melting... "Over a time span of 1,000 years, we found that volcanic eruptions generally correspond with enhanced ice sheet melting within a year or so," Francesco Muschitiello, a postdoctoral researcher at Columbia University's Lamont-Doherty Earth Observatory, said in a news release. The volcanoes of note weren't situated next-door, but thousands of miles from the ice sheet, a reminder of the unexpected global impacts of volcanic activity.

The new research -- detailed this week in the journal Nature Communications -- suggests ash ejected into the atmosphere by erupting volcanoes can be deposited thousands of miles away. When it's deposited on ice sheets, the dark particles cause the ice to absorb more thermal energy and accelerate melting... Some scientists have even suggested melting encouraged by volcanic eruptions could trigger even more eruptions, a positive feedback loop. As glaciers and ice sheets melt, pressure is relieved from the planet's crust, allowing magma to rise to the surface.

Links

See a Random Slashdot Story From the Last 20 Years (destinyland.net) 65

An anonymous reader writes: Happy aniversary, Slashdot! To commemorate your 20th year, here's a special web project I created. Every time you reload the page, it pulls up another one of the 162,000 stories Slashdot has posted over the last 20 years -- each time choosing a different story at random.
The original submission has one caveat. If you keep reloading the page long enough, you'll eventually get a story by Jon Katz.
Businesses

Why We Must Fight For the Right To Repair Our Electronics (ieee.org) 224

Kyle Wiens and Gay Gordon-Byrne explain via IEEE Spectrum how people in the United States can preserve their right to repair electronics, and why people must fight for the right in the first place. Here's an excerpt from their report: So how can people in the United States preserve their right to repair electronics? The answer is now apparent: through right-to-repair legislation enacted at the state level. Popular support on this issue has been clear since 2012, when 86 percent of the voters in Massachusetts endorsed a ballot initiative that would "[require] motor vehicle manufacturers to allow vehicle owners and independent repair facilities in Massachusetts to have access to the same vehicle diagnostic and repair information made available to the manufacturers' Massachusetts dealers and authorized repair facilities." Carmakers howled in protest, but after the law passed, they decided not to fight independent repair. Indeed, in January 2014 they entered into a national memorandum of understanding [PDF], voluntarily extending the terms of the Massachusetts law to the entire country. The commercial vehicle industry followed suit in October 2015. Now we need right-to-repair legislation for other kinds of equipment, too, particularly electronic equipment, which is the focus of "digital right to repair" initiatives in many states.

Similar to the Massachusetts legislation for automobiles, these digital-right-to-repair proposals would require manufacturers to provide access to service documentation, tools, firmware, and diagnostic programs. They also would require manufacturers to sell replacement parts to consumers and independent repair facilities at reasonable prices. The bills introduced this year in a dozen states have some variations. The ones in Kansas and Wyoming, for example, are limited to farm equipment. The one most likely to be adopted soon is in Massachusetts, which seeks to outlaw the monopoly on repair parts and information within the state. If it passes, electronics manufacturers will probably change their practices nationwide. Consumers would then have more choices when something breaks. The next time your smartphone screen cracks, your microwave oven gets busted, or your TV dies, you may be able to get it fixed quickly, affordably, and fairly. And you, not the manufacturer, would decide where your equipment is repaired: at home, with the manufacturer, or at a local repair shop that you trust.

Ubuntu

Ubuntu 17.10 Artful Aardvark Released 134

Canonical has made available the download links for Ubuntu 17.10 "Artful Aardvark". It comes with a range of new features, changes, and improvements including GNOME as the default desktop, Wayland display server by default, Optional X.org server session, Mesa 17.2 or Mesa 17.3, Linux kernel 4.13 or kernel 4.14, new Subiquity server installer, improved hardware support, new Ubuntu Server installer, switch to libinput, an always visible dock using Dash to Dock GNOME Shell extension, and Bluetooth improvements with a new BlueZ among others.
Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 140

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Chrome

Microsoft Edge Beats Chrome and Firefox in Malware-Blocking Tests (computerworld.com) 126

An anonymous reader quotes Computerworld:Microsoft's Edge easily beat rival browsers from Google and Mozilla in third-party tests of the behind-the-scenes services which power anti-malware warnings and malicious website-blocking... NSS Labs says Windows 10's default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox... According to NSS Labs of Austin, Texas, Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all socially-engineered malware (SEM) attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.

Edge bested Chrome and Firefox by decisive margins. For instance, Chrome blocked 74% of all phishing attacks, and 88% of SEM attacks. Meanwhile, Firefox came in third in both tests, stopping just 61% of the phishing attacks and 70% of all SEM attempts... Both Chrome and Mozilla's Firefox rely on the Safe Browsing API (application programing interface), but historically, Mozilla's implementation has performed poorly compared to Google's. No shock: Google created the API. Edge also took top prize in blocking attacks from the get-go. In NSS's SEM attack testing, for example, the Microsoft browser stopped nearly every attempt from the first moments a new attack was detected. Chrome and Firefox, on the other hand, halted 75% and 54% of the brand-new attacks, respectively. Over a week's time, Chrome and Firefox improved their blocking scores, although neither reached Edge's impressive 99.8%.

The researchers spent three weeks continuously monitoring the browsers on Windows 10 computers. But in the real world, Edge runs on just 5% of all personal computers, while Firefox runs on 13% and Chrome on 60%.
Music

SUSE Shares Linux-Themed Music Video Parodies (itwire.com) 28

Long-time Slashdot reader troublemaker_23 quotes ITWire: German Linux company SUSE Linux is well-known for its Linux and other open source solutions. It is also known for producing videos for geeks and debuting them at its annual SUSECon conference. This year, in Prague, was no different. The company, which marked its 25th year on 2 September, came up with two videos, one to mark the occasion and the other all about Linux and open source. Both videos are parodies of well-known songs: the video Linus Said is based on "Momma Said", while 25 Years is a parody of "7 Years". Some of the lyrics in both SUSE videos would be meaningless to the average person -- but every word will ring a bell, sometimes a very poignant one, with geeks. And that's the primary audience it targets.
The article embeds both videos -- and also links to the music videos they're parodying. And it includes links to SUSE's two previous annual music video parodies -- Uptime Funk (based on Bruno Mars' blockbuster hit "Uptown Funk"), and Can't Stop the SUSE, a parody of Justin Timberlake's "Can't Stop the Feeling".
Businesses

Ask Slashdot: How Can You Apply For A Job When Your Code Samples Suck? 408

An anonymous Slashdot reader ran into a problem when looking for a new employer: Most ask for links to "recent work" but the reason I'm leaving my current job is because this company doesn't produce good code. After years of trying to force them to change, they have refused to change any of their poor practices, because the CTO is a narcissist and doesn't recognize that so much is wrong. I have written good code for this company. The problem is it is mostly back-end code where I was afforded some freedom, but the front-end is still a complete mess that doesn't reflect any coherent coding practice whatsoever...

I am giving up on fixing this company but finding it hard to exemplify my work when it is hidden behind some of the worst front-end code I have ever seen. Most job applications ask for links to live code, not for code samples (which I would more easily be able to supply). Some of the websites look okay on the surface, but are one right click -> inspect element away from giving away the mess; most of the projects require a username and password to login as well but account registration is not open. So how do I reference my recent work when all of my recent work is embarrassing on the front-end?

The original submission's title asked what to use for work samples "when the CTO has butchered all my work." Any suggestions? Leave your best thoughts in the comments. How can you apply for a job when your code samples suck?
Input Devices

What Will Replace Computer Keyboards? (xconomy.com) 302

jeffengel writes:Computer keyboards will be phased out over the next 20 years, and we should think carefully about what replaces them as the dominant mode of communicating with machines, argues Android co-founder Rich Miner. Virtual reality technology and brain-computer links -- whose advocates include Elon Musk -- could lead to a "dystopian" future where people live their lives inside of goggles, or they jack directly into computers and become completely "de-personalized," Miner worries.

He takes a more "humanistic" view of the future of human-machine interfaces, one that frees us to be more expressive and requires computers to communicate on our level, not the other way around. That means software that can understand our speech, facial expressions, gestures, and handwriting. These technologies already exist, but have a lot of room for improvement.

One example he gives is holding up your hand to pause a video.
Google

Google Bombs Are Our New Normal (wired.com) 94

mirandakatz writes: Tech companies' worst crises used to come in the form of pranks like Google bombs: Users figured out how to game search results, such as when a search for "miserable failure" turned up links to information about then-president George W. Bush. Today, in the era of fake news and Russian interference, that's basically our new normal -- but as Karen Wickre, a former communications lead at companies like Google and Twitter, points out, tech companies' approaches to dealing with the new breed of crises haven't evolved much since the age of Google bombs. Wickre suggests a new, collaborative approach that she dubs the "Federation," writing that "No single company, no matter how massive and wealthy, can hire its way out of a steady gusher of bad information or false and manipulative ads...The era of the edge case -- the exception, the outlier—is over. Welcome to our time, where trouble is forever brewing."

Slashdot Top Deals