Did he get the job?
US-CERT has issued a warning that DomainKeys Identified Mail (DKIM) verifiers that use low-grade encryption are open to being spoofed and need to be upgraded to combat attackers wielding contemporary quantities of computing power. You might think this is no big deal – after all the value of strong cryptography has been …
quote: "It's not against the law to spoof an e-mail"
Arguably fraud? Also, I am unsure where the various computer misuse type legislation stands regarding deliberately factoring Google's 512-bit key, when the content is "just" an email, but the intent is to enable spoofing of a "secured" email domain.
I can see an unlucky person facing criminal charges, given just how far-reaching some of the computer misuse legislation can be :(
Fraud subpoena maybe, court trial doubtful.
Given his field, his reasons, and his actions, I don't think it rises to the level of "meant to deceive" required by fraud. He does appear to have been wrong in his initial assumption that it was a creative recruiting technique, but given that assumption, his response seems reasonable if unorthodox. Of course his biggest protection is that he performed other research and reported it to CERT.
Absent those, yeah, subpoena and time in the pokey would likely be in order.
DMCA angle is a tough call. It would certainly be easy enough to file the charges. But in this case because of the way the fraud charges would work, I think there would be as much risk to DMCA as there is to him. Oh, the initial trial might be a slam dunk for the prosecution, but the inevitable appeal might get DMCA declared unconstitutional.
Fraud - in the US at least - is an intentional deception made for gain or to damage someone else. Self promotion could, on a stretch, be seen as an attempt for gain but that argument is, IMHO, a stretch. According to the Wikipedia definition I think this would be categorized as a hoax.
DMCA *should* be limited to DRM cryptography used to protect copyrighted material. I'm not sure I can see any copyright angle here, and I am not aware of any cases where DMCA has been used with no copyright angle whatsoever... which would make this, IMHO, also a stretch.
I do seem to recall a case of Facebook impersonation (person X logged in as person Y and did bad things) being pursued as ID Theft... and I'm not sure how it ended up. Maybe that one?
Google has reportedly asked the US Federal Election Commission for its blessing to exempt political campaign solicitations from spam filtering.
The elections watchdog declined to confirm receiving the supposed Google filing, obtained by Axios, though a spokesperson said the FEC can be expected to publish an advisory opinion upon review if Google made such a submission.
Google did not immediately respond to a request for comment. If the web giant's alleged plan gets approved, political campaign emails that aren't deemed malicious or illegal will arrive in Gmail users' inboxes with a notice asking recipients to approve continued delivery.
Someone is trying to steal people's Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications.
This email campaign was detected in May and is ongoing, according to researchers at Zscaler's ThreatLabz, and is similar to phishing messages sent a couple of years ago.
This latest wave is aimed at US entities in a broad array of sectors, including software security, security solution providers, the military, healthcare and pharmaceuticals, and the manufacturing and shipping supply chain, the researchers wrote this month.
Open-source cross-platform email and messaging client Thunderbird has hit version 102, with a new look and improved functionality, including Matrix chat support.
The latest release is the first major upgrade since version 91, which The Reg looked at last August. This is normal for the app – it follows the same approximately annual release cycle as Firefox's Extended Support Releases, the most recent of which was also version 91. From now until the next major release, Thunderbird 102 will get a regular stream of minor updates and bug fixes.
102 has a modernized look and feel. There's a new "Spaces" toolbar, which appears vertically on the left of the app window and lets users quickly flip between inbox, address book, calendar, task list, and chat tabs. All of these are built-in features – the former Lightning calendar add-on is now an integral part of the app, as is PGP support, which used to be an add-on called Enigmail. Thunderbird can talk to various groupware calendar and contact servers, including both private and corporate Google Mail accounts, Microsoft Exchange and Office 365, and others.
The FTC is warning members of the LGBTQ+ community about online extortion via dating apps such as Grindr and Feeld.
According to the American watchdog, a common scam involves a fraudster posing as a potential romantic partner on one of the apps. The cybercriminal sends explicit photos of a stranger while posing as them, and asks for similar ones in return from the mark. If the victim sends photos, the extortionist demands a payment – usually in the form of gift cards – or threatens to share the photos on the chat to the victim's family members, friends, or employer.
The cross platform email client Thunderbird is to launch an Android version, which will be based on the existing K-9 app.
It has acquired the FOSS Android email client and one-time Register app of the week K-9 Mail, which will become Thunderbird for Android.
Browser maker Vivaldi's email client has finally hit version 1.0, seven years after it was first announced.
Vivaldi Mail, which includes a calendar and feed reader as well as an email client, first arrived in technical preview in 2020. A slightly wobbly beta arrived last year alongside version 4 of the Chromium-based browser. After another year of polish and tidying of loose ends, the company has declared the client ready.
As before, the client is built into the browser, meaning it is unlikely to appeal to many beyond Vivaldi's existing user base. Enabling it is a simple matter of dropping into Settings pages and wading through until the option to enable Mail, Calendar, and Feeds can be selected. Vivaldi has a lot of settings – delightfully customizable for some and downright baffling for others.
Obituary: The IT community has suffered a double loss with the passing of two industry icons.
A post in the Facebook group for former Inmos staff says that the company's founder, Professor Iann Marchant Barron, died at the age of 85 last month.
Microsoft has updated its roadmap for Exchange Server and revealed that the next version will arrive in 2025 – four years later than planned.
A post opens with a reminder of Microsoft's previous promise to deliver a new subscription-only version of Exchange in late 2021, then details the many security improvements made to the messaging server during the same year – including plenty in response to the four zero-day vulns that attackers used to plunder data from US-based defense contractors, law firms, and infectious disease researchers.
Microsoft's post doesn't admit that those efforts were the reason it didn't deliver the planned late 2021 update, instead stating the product's developers "continue to focus on security" but are "now also ready to share our long-term roadmap for Exchange Server."
Something for the Weekend: WE BRING ENGLISH TO YOUR FEET! reads the email.
That's nice. I knew I was lacking something in the footwear department. A fine pair of bobby dazzlers, no doubt.
No, that can't be right. Let me run it through another translation app. Ah, how about this?
Two security researchers have identified five related techniques for hijacking internet accounts by preparing them to be commandeered in advance.
And they claim that when they analyzed 75 popular internet services, almost half were vulnerable to at least one of these techniques.
Avinash Sudhodanan, an independent security researcher, and Andrew Paverd, a senior researcher at Microsoft, describe their findings in a paper titled, "Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web."
Biting the hand that feeds IT © 1998–2022