Slashdot Mirror

A hacker going by the name AmFearLiathMor is claiming to have hacked ProtonMail and stolen "significant" amounts of data. They have posted a ransom demand to an anonymous Pastebin but it reads like a prank, as it states that the alleged hackers have access to underwater drone activity and treaty violations in Antarctica. Lawrence Abrams writes via BleepingComputer: According to the message, a hacker going by the name AmFearLiathMor makes quite a few interesting claims such as hacking ProtonMail's services and stealing user's email, that ProtonMail is sending their user's decrypted data to American servers, and that ProtonMail is abusing the lack of Subresource Integrity (SRI) use to purposely and maliciously steal their user's passwords. After reading the Pastebin message (archive.is link), which is shown in its entirety below minus some alleged keys, and seeing the amount of claims, the first thing that came to mind was a corporate version of the sextortion scams that have been running rampant lately. As I kept reading it, though, it just felt like a joke. ProtonMail posted on Twitter that this is a hoax and that there is no evidence that anything states is true. The encrypted email service provided a statement to BleepingComputer: "We believe this extortion attempt is a hoax, and we have seen zero evidence to suggest otherwise. Not a single claim made is true and many of the claims are unsound from a technical standpoint. We are aware of a small number of ProtonMail accounts that have been compromised as a result of those individual users falling for phishing attempts. However, there is zero evidence of a breach of our infrastructure."

An anonymous reader quotes a report from NBC News: NBC News is publishing its database of more than 200,000 tweets that Twitter has tied to "malicious activity" from Russia-linked accounts during the 2016 U.S. presidential election. These accounts, working in concert as part of large networks, pushed hundreds of thousands of inflammatory tweets, from fictitious tales of Democrats practicing witchcraft to hardline posts from users masquerading as Black Lives Matter activists. Investigators have traced the accounts to a Kremlin-linked propaganda outfit founded in 2013 known as the Internet Research Association (IRA). The organization has been assessed by the U.S. Intelligence Community to be part of a Russian state-run effort to influence the outcome of the 2016 U.S. presidential race. And they're not done. At the request of NBC News, three sources familiar with Twitter's data systems cross-referenced the partial list of names released by Congress to create a partial database of tweets that could be recovered. You can download the streamlined spreadsheet (29 mb) with just usernames, tweet and timestamps, view the full data for ten influential accounts via Google Sheets, download tweets.csv (50 mb) and users.csv with full underlying data, and/or explore a graph database in Neo4j, whose software powered the Panama Papers and Paradise Papers investigations.

NBC News' partners at Neo4j have put together a "get started" guide to help you explore the database of Russian tweets. "To recreate a link to an individual tweet found in the spreadsheet, replace 'user_key' in https://twitter.com/user_key/status/tweet_id with the screenname from the 'user_key' field and 'tweet_id' with the number in the 'tweet_id' field," reports NBC News. "Following the links will lead to a suspended page on Twitter. But some copies of the tweets as they originally appeared, including images, can be found by entering the links on webcaches like the Internet Archive's Wayback Machine and archive.is."

An anonymous reader writes: The author of BrickerBot -- the malware that bricks IoT devices -- has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the "Internet Chemotherapy" project in November 2016. Similar to the authors of the Mirai malware, the BrickerBot developer dumped his malware's source code online, allowing other crooks to profit from his code. The code is said to contain at least one zero-day. In a farewell message left on hundreds of hacked routers, the BrickerBot author also published a list of incidents (ISP downtimes) he caused, while also admitting he is likely to have drawn the attention of law enforcement agencies. "There's also only so long that I can keep doing something like this before the government types are able to correlate my likely network routes (I have already been active for far too long to remain safe). For a while now my worst-case scenario hasn't been going to jail, but simply vanishing in the middle of the night as soon as some unpleasant government figures out who I am," the hacker said.

Shiva Ayyadurai still claims he invented email -- rather than the late ARPANET pioneer Ray Tomlinson. Now Gizmodo reports that Ayyadurai "will receive a $750,000 settlement from Gawker Media, the bankrupt publisher that he sued for defamation earlier this year." As part of the settlement, Gawker Media has agreed to delete three stories from the archive of Gawker.com, including one about Ayyadurai. Univision, which purchased most of Gawker Media's assets [including Gizmodo] out of bankruptcy in September, deleted two Gizmodo posts concerning Ayyadurai -- over the objections of the editorial staff -- immediately after closing the transaction... The offending Gizmodo articles made the case that "a lot of people don't believe that Ayyadurai invented email," and that "networked communication actually predates [his] computer program by a few years." As Tomlinson told Gizmodo in one of the stories Ayyadurai succeeded in getting unpublished, the email formats that are so familiar today -- to:, from:, etc. -- were in use years before Ayyadurai "invented" them.
The third post was titled, "If Fran Drescher Read Gizmodo She Would Not Have Married This Fraud."

Shiva Ayyadurai still claims he invented email -- rather than the late ARPANET pioneer Ray Tomlinson. Now Gizmodo reports that Ayyadurai "will receive a $750,000 settlement from Gawker Media, the bankrupt publisher that he sued for defamation earlier this year." As part of the settlement, Gawker Media has agreed to delete three stories from the archive of Gawker.com, including one about Ayyadurai. Univision, which purchased most of Gawker Media's assets [including Gizmodo] out of bankruptcy in September, deleted two Gizmodo posts concerning Ayyadurai -- over the objections of the editorial staff -- immediately after closing the transaction... The offending Gizmodo articles made the case that "a lot of people don't believe that Ayyadurai invented email," and that "networked communication actually predates [his] computer program by a few years." As Tomlinson told Gizmodo in one of the stories Ayyadurai succeeded in getting unpublished, the email formats that are so familiar today -- to:, from:, etc. -- were in use years before Ayyadurai "invented" them.
The third post was titled, "If Fran Drescher Read Gizmodo She Would Not Have Married This Fraud."

Shiva Ayyadurai still claims he invented email -- rather than the late ARPANET pioneer Ray Tomlinson. Now Gizmodo reports that Ayyadurai "will receive a $750,000 settlement from Gawker Media, the bankrupt publisher that he sued for defamation earlier this year." As part of the settlement, Gawker Media has agreed to delete three stories from the archive of Gawker.com, including one about Ayyadurai. Univision, which purchased most of Gawker Media's assets [including Gizmodo] out of bankruptcy in September, deleted two Gizmodo posts concerning Ayyadurai -- over the objections of the editorial staff -- immediately after closing the transaction... The offending Gizmodo articles made the case that "a lot of people don't believe that Ayyadurai invented email," and that "networked communication actually predates [his] computer program by a few years." As Tomlinson told Gizmodo in one of the stories Ayyadurai succeeded in getting unpublished, the email formats that are so familiar today -- to:, from:, etc. -- were in use years before Ayyadurai "invented" them.
The third post was titled, "If Fran Drescher Read Gizmodo She Would Not Have Married This Fraud."

An anonymous reader quotes a report from U.S. News and World Report: An army of reddit users believes it has found evidence that former Hillary Clinton computer specialist Paul Combetta solicited free advice regarding Clinton's private email server from users of the popular web forum. A collaborative investigation showed a reddit user with the username stonetear requested help in relation to retaining and purging email messages after 60 days, and requested advice on how to remove a "VERY VIP" individual's email address from archived content. The requests match neatly with publicly known dates related to Clinton's use of a private email server while secretary of state. Stonetear has deleted the posts, but before doing so, the pages were archived by other individuals. "ARCHIVE EVERYTHING YOU CAN!!!!" a person wrote on a popular thread on the Donald Trump-supporting subreddit r/The_Donald, as the entries disappeared. There are several reasons to believe the reddit user is indeed Combetta, who was granted immunity by the Justice Department during its investigation of Clinton's private server after he deleted a large number of emails. The evidence connecting Combetta to the account is circumstantial, but also voluminous. The inactive website combetta.com is registered to the email address stonetear@gmail.com, a search of domain registration information using the service whois.com indicates. An account for a person named Paul Combetta on the web bazaar Etsy also has the username stonetear. And, perhaps most damningly, there are the dates. Stonetear posted to reddit on July 24, 2014: "Hello all- I may be facing a very interesting situation where I need to strip out a VIP's (VERY VIP) email address from a bunch of archived email that I have both in a live Exchange mailbox, as well as a PST file. Basically, they don't want the VIP's email address exposed to anyone, and want to be able to either strip out or replace the email address in the to/from fields in all of the emails we want to send out..." U.S. News and World Reports adds: "On July 23, 2014, the House Select Committee on Benghazi had reached an agreement with the State Department on the production of records, according to an FBI report released earlier this month on the bureau's probe of her email use." Stonetear submitted an additional post to reddit on Dec. 10, 2014 that reads: "Hello- I have a client who wants to push out a 60 day email retention policy for certain users. However, they also want these users to have a 'Save Folder' in their Exchange folder list where the users can drop items that they want to hang onto longer than the 60 day window. All email in any other folder in the mailbox should purge anything older than 60 days (should not apply to calendar or contact items of course). How would I go about this? Some combination of retention and managed folder policy?"

UPDATE 9/19/2016: Slashdot reader NotInHere points out that there is a Slashdot user named "StoneTear" as well.

An anonymous reader quotes a report from U.S. News and World Report: An army of reddit users believes it has found evidence that former Hillary Clinton computer specialist Paul Combetta solicited free advice regarding Clinton's private email server from users of the popular web forum. A collaborative investigation showed a reddit user with the username stonetear requested help in relation to retaining and purging email messages after 60 days, and requested advice on how to remove a "VERY VIP" individual's email address from archived content. The requests match neatly with publicly known dates related to Clinton's use of a private email server while secretary of state. Stonetear has deleted the posts, but before doing so, the pages were archived by other individuals. "ARCHIVE EVERYTHING YOU CAN!!!!" a person wrote on a popular thread on the Donald Trump-supporting subreddit r/The_Donald, as the entries disappeared. There are several reasons to believe the reddit user is indeed Combetta, who was granted immunity by the Justice Department during its investigation of Clinton's private server after he deleted a large number of emails. The evidence connecting Combetta to the account is circumstantial, but also voluminous. The inactive website combetta.com is registered to the email address stonetear@gmail.com, a search of domain registration information using the service whois.com indicates. An account for a person named Paul Combetta on the web bazaar Etsy also has the username stonetear. And, perhaps most damningly, there are the dates. Stonetear posted to reddit on July 24, 2014: "Hello all- I may be facing a very interesting situation where I need to strip out a VIP's (VERY VIP) email address from a bunch of archived email that I have both in a live Exchange mailbox, as well as a PST file. Basically, they don't want the VIP's email address exposed to anyone, and want to be able to either strip out or replace the email address in the to/from fields in all of the emails we want to send out..." U.S. News and World Reports adds: "On July 23, 2014, the House Select Committee on Benghazi had reached an agreement with the State Department on the production of records, according to an FBI report released earlier this month on the bureau's probe of her email use." Stonetear submitted an additional post to reddit on Dec. 10, 2014 that reads: "Hello- I have a client who wants to push out a 60 day email retention policy for certain users. However, they also want these users to have a 'Save Folder' in their Exchange folder list where the users can drop items that they want to hang onto longer than the 60 day window. All email in any other folder in the mailbox should purge anything older than 60 days (should not apply to calendar or contact items of course). How would I go about this? Some combination of retention and managed folder policy?"

UPDATE 9/19/2016: Slashdot reader NotInHere points out that there is a Slashdot user named "StoneTear" as well.

thegarbz writes: As was covered previously on Slashdot the very hyped up game No Man's Sky was released to a lot of negative reviews about game-crashing bugs and poor interface choices. Now that players have had more time to play the game it has become clear that many of the features hyped by developers are not present in the game, and users quickly started describing the game as "boring".

Now, likely due to misleading advertising, Steam has begun allowing refunds for No Man's Sky regardless of playtime, and there are reports of players getting refunds on the Play Station Network as well despite Sony's strict no refund policy. Besides Sony, Amazon is also issuing refunds, according to game sites. In response, Sony's former Strategic Content Director, Shahid Kamal Ahmad, wrote on Twitter, "If you're getting a refund after playing a game for 50 hours you're a thief." He later added "Here's the good news: Most players are not thieves. Most players are decent, honest people without whose support there could be no industry."

In a follow-up he acknowledged it was fair to consider a few hours lost to game-breaking crashes, adding "Each case should be considered on its own merits and perhaps I shouldn't be so unequivocal."

An anonymous reader writes: Facebook has admitted it blocked links to WikiLeaks' DNC email dump, but the company has yet to explain why. WikiLeaks has responded to the censorship via Twitter, writing: "For those facing censorship on Facebook etc when trying to post links directly to WikiLeaks #DNCLeak try using archive.is." When SwiftOnSecurity tweeted, "Facebook has an automated system for detecting spam/malicious links, that sometimes have false positives. /cc," Facebook's Chief Security Officer Alex Stamos replied with, "It's been fixed." As for why there was a problem in the first place, we don't know. Nate Swanner from The Next Web writes, "It's possible its algorithm incorrectly identified them as malicious, but it's another negative mark on the company's record nonetheless. WikiLeaks is a known entity, not some torrent dumping ground. The WikiLeaks link issue has reportedly been fixed, which is great -- but also not really the point. The fact links to the archive was blocked at all suggests there's a very tight reign on what's allowed on Facebook across the board, and that's a problem." A Facebook representative provided a statement to Gizmodo: "Like other services, our anti-spam systems briefly flagged links to these documents as unsafe. We quickly corrected this error on Saturday evening."

SpacemanukBEJY.53u writes: An article published by CNBC on Tuesday offered tips on how to create a secure password, complete with a form that tested submitted passwords. While well-intended, security experts said it exposed passwords to third-party advertisers. Also, the form created to test a password didn't use SSL/TLS, which meant someone on the same network could have sniffed it. Even worse, the tool claimed to not store the passwords, but an acute observer found they were actually being inputted into a Google Docs spreadsheet. CNBC quickly withdrew the article.

itwbennett writes: On Wednesday, Sprint customer Johnny Kim discovered an in-store technician adding MDM software to his personal iPhone 6 without prior notice or permission. Kim took to Twitter with his complaint, sparking a heated conversation about privacy and protection. One expert who commented on the issue told CSO's Steve Ragan that 'it's possible Sprint sees the installation of MDM software as an additional security offering, or perhaps as a means to enable phone location services to the consumer.' But, as Ragan points out, 'even if that were true, it's against [Sprint's] written policy and such offerings are offered at the cost of privacy and control over the user's own devices.' (MDM here means "Mobile Device Management.")