Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Sunday January 10 2016, @02:54PM   Printer-friendly
from the those-bastards dept.

The Forbes 30 Under 30 list came out this week and it featured a prominent security researcher. Other researchers were pleased to see one of their own getting positive attention, and visited the site in droves to view the list.

On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information. Or, as is popular worldwide with these malware "exploit kits," lock up their hard drives in exchange for Bitcoin ransom. The exploit used was a version of hackenfreude.

Forbes has recently taken some flack from Soylent News readers for its heavy-handed approach to ad blockers.


Original Submission

Related Stories

Microsoft Warns Windows 7 Has Serious Problems 100 comments

Speaking to Windows Weekly, Microsoft Marketing chief Chris Capossela explained that users who choose Windows 7 do so “at your own risk, at your own peril” and he revealed Microsoft has concerns about its future software and hardware compatibility, security and more.

[...] There’s only one problem with Capossela’s statements: they are complete rubbish. Windows 7 is no less secure than Windows 10 (it will be supported until 2020) and no less compatible with new hardware and software. In fact its far greater market share means it is developers’ priority and has greater compatibility with legacy programmes and peripherals. If Fallout 4 won’t run on your Windows 7 computer, it will be upgrading your components not installing Windows 10 which fixes that.

As for fragmentation, the only issue that creates is for Microsoft and its target of getting one billion devices running Windows 10 within 2-3 years of release.

Original article from Forbes. Article is behind annoying ads and JavaScript.


Original Submission

Meta: Moderations -- SPAM and Otherwise [UPDATED] 147 comments
[UPDATE: 2022-01-05 20:48:08 UTC]
We are aware there are some issues (dead links) where indicated by links to "here" in the story. It seems to be a long-dormant bug in the code. Will address this issue when addressing any other issues raised here. In the meantime, try using the links that appear in the liked-to article, directly, at: ( https://soylentnews.org/faq.pl?op=moderation#spam . Yes, we are aware that those are not the best examples and we are aware that those examples may need to be updated to point to better ones. --martyb

I've been made aware of some discussions about the permitted use of the "Spam" moderation. This has spawned a great deal of discussion among Soylent staff.

What's The Point?
The whole purpose of comment moderation is for an (early) reader of a comment is to provide guidance to later readers. Like "breaking trail" for others when hiking through deep snow. The "Trail breaker" makes it eaier to navigate the path for those who follow. Before we dive into the Spam, it is important to note that it is encouraged to "upmod" more than one "downmods". I receive an e-mail each day that includes the number of each that were performed on the preceding day. I am happy to report that I generally see 2x to 4x more upmods than downmods! YAY!

Where to start?
Start at the at the top of the Left-Hand side of the Main page. There one can find a link to the FAQ. Click that link and scroll down to the link about our Moderation System. Click that link. Located there is a list of items including one on the Spam Mod.

There it states:

Spam Mod

The spam moderation (spam mod) is to be used only on comments that genuinely qualify as spam. Spam is unsolicited advertisement, undesired and offtopic filth, or possibly illegal in general. Spam can come in many forms, but it differs from a troll comment in that it will have absolutely no substance, is completely undesired, is detrimental to the site, or worse.

The spam mod is special in that is removes 10 Karma points from the user that posted the comment. This mod is meant to combat spam and not to be used to punish commenters (when in doubt, don't use this mod). Our goal is to put a spammer in Karma Hell and for them to not be able to get out of it easily. As we do not want this used against non-spamers, we monitor all spam mods to make sure moderators are not abusing the spam mod. If we find a moderator that unfairly applied the spam mod, we remove the mod giving the poster back the Karma points, and the modder is banned from modding for one month. Further bans to the same modder add increasing amounts of ban time. If you inadvertently applied a spam mod, mail the admin and we will remove the spam mod without banning you. Even though we have updated the interface to physically separate the spam mod from the other mods, unintentional modding may still be an unfortunate occurrence.

Examples

If you are unsure of whether a comment is spam or not, don't use the spam mod. Here are some examples of spam:

  • Proper spam. Anything whose primary purpose is advertisement (unless somehow relevant to the discussion/article).
  • HOSTS/GNAA/etc... type posts. Recurring, useless annoyances we're all familiar with.
  • Posts so offtopic and lacking value to even be a troll that they can't be called anything else. See here, here or here for example.
  • Repeating the same thing over and over. This includes blockquoting entire comments without adding anything substantial to them.

These examples cannot cover every type of Spam that you might encounter. Please exercise common sense. We expect all comments to be on-topic or following a clearly defined thread that has developed as part of the discussion. Raising personal complaints or starting completely new discussions unrelated to the main story are certainly off-topic and also possibly trolling. Remember: if in doubt do not use the Spam moderation.

"Sock Mods" and "Mod Bombs":
You may ask: "What's that?". Simply stated, when a logged-in-user, uses one (or more) account(s) to "updmod" other account(s) in unison. This is similar to using other account(s) to "Downmod" one (or more) account(s) in unison. Both practices are Forbidden. As always, when such activity is discovered, Admins notice and discuss it to confirm the observation with other admins. Actions taken can range from a ban on moderations (for increasing durations for repeat offenders) to an outright ban on use of the accounts(s). We have observed such activity happening recently and are preparing to take action. Similarly, when several accounts can be shown to have repeatedly cooperated to prevent someone from expressing their opinion or have given other accounts an unfair advantage then that can also be a form of 'bombing'. My advice is: stop right now. We do not like taking such actions, but it would be unfair to those who DO follow the rules for us to ignore such activities.

Summary:
(1) simply follow Wheaton's Law:

Don't Be a Dick

(2) "Say what you mean, mean what you say, but don't say it mean."

Forbes.com Says "Uncle," Unblocks AdBlock Plus Users 54 comments

I visited Forbes.com today out of force of habit. Ever since few weeks back, I would be greeted with a loading page advertising that since I was using AdBlock Plus I could no longer proceed. However something was different today, the site loaded. Does this mean that we have won a battle against online media outlets tracking our every move across the internet? Or is Forbes merely pulling back due to recent bad press?

[Ed Note: This story ran in Forbes regarding the test.]


[Update: Corrected the initial Forbes URL and trimmed a presumed tracker from the story URL. -Ed.]

Original Submission

Meta: Milestones and Updated Moderation Guidelines 334 comments

Milestone #1:
First off, please join me in congratulating janrinok in posting his 5,400th story! I can attest that it represents a tremendous commitment of time and effort, all freely given to the community. Thanks JR!

Milestone #2:
Secondly, we are a few days away from our team reaching 2.8 billion points towards Folding at Home. Official Team Stats and a more informative summary. As I write this, our team is currently ranked #392 in the world. Please be aware we are up against teams such as AWS, Google, Apple, Facebook, SAP, IBM, Dell, Oracle... you get the idea. Our top contributor is Runaway1956 who has been contributing about 2.5 million points per day. Barring any surprises, he is on track to reach 1 billion points by month's end. Way to go!

Moderation:
Lastly, I need to call the community's attention to some problems with moderations.

For the most part, things have been working out well! Considering the diverse viewpoints — and strong feelings about them — I'd say things are working amazingly well. There are some, however, who are prolific, vocal, strong-willed, and are trying to push their own agenda. They are likely to be unhappy with these changes. Until notified otherwise, feel free to moderate complaints about moderation as "-1 Offtopic" and just move on.

Effective Immediately:
For the benefit of the community who have been acting in good faith all along, staff will commence issuing moderation bans on accounts that have been acting unfairly. Each ban will have been discussed among staff and no unilateral action will be taken. If you receive a ban, it's because a majority of staff are in agreement that unfair moderations have been performed and needed to be dealt with.

Wired.com to Block Ad-Block Users 66 comments

Wired.com is has announced it will block access to ad-block users, who they say make up 20 percent of their traffic. Users can access Wired without ad blockers or subscribe for $1 per week. Wired joins Forbes in blocking access to ad-block users.

Previous coverage:
Forbes Asks Readers to Turn Off Ad Blockers, Then Immediately Serves Them Pop-under Malware
Forbes.com Says "Uncle," Unblocks AdBlock Plus Users


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Phoenix666 on Sunday January 10 2016, @03:01PM

    by Phoenix666 (552) on Sunday January 10 2016, @03:01PM (#287620) Journal

    When I run into stuff like this, I simply drop them from the list of places I go. Since almost all media outlets these days simply wrap up AP Wire articles and pass them off as their own, you don't have to look too hard to find the exact same article elsewhere.

    --
    Washington DC delenda est.
    • (Score: 2) by Nerdfest on Sunday January 10 2016, @03:11PM

      by Nerdfest (80) on Sunday January 10 2016, @03:11PM (#287623)

      Not a big loss in this case either. They're pretty much just an Apple advertising site when it comes to tech for the last couple of years.

      • (Score: 1, Redundant) by frojack on Sunday January 10 2016, @07:22PM

        by frojack (1554) Subscriber Badge on Sunday January 10 2016, @07:22PM (#287716) Journal

        You've seen ads on Forbes? You're doing it wrong.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 2) by Nerdfest on Sunday January 10 2016, @09:29PM

          by Nerdfest (80) on Sunday January 10 2016, @09:29PM (#287790)

          I run ad and script blockers. I'm referring to their 'content'. The Verge is even worse.

          • (Score: 2) by Phoenix666 on Sunday January 10 2016, @10:38PM

            by Phoenix666 (552) on Sunday January 10 2016, @10:38PM (#287847) Journal

            Yeah, the content is the ad. It's the print equivalent of product placements on TV or in film.

            FWIW, the same is rapidly becoming true of a lot of online apps/sites, too. I uninstalled Flipboard on my phone when the ratio of product placements to actual articles exceeded 50%.

            --
            Washington DC delenda est.
    • (Score: 2) by SomeGuy on Sunday January 10 2016, @03:37PM

      by SomeGuy (5632) on Sunday January 10 2016, @03:37PM (#287634)

      If a site has to stoop this low to increase their revenue, then it probably means they are about to go under anyway. So if it was something one visited regularly before, it is time to move elsewhere.

    • (Score: 3, Insightful) by Beryllium Sphere (r) on Sunday January 10 2016, @04:25PM

      by Beryllium Sphere (r) (5062) on Sunday January 10 2016, @04:25PM (#287643)

      That's the truly sad thing. Under Malcolm Forbes they had unique hard-hitting investigative reporting. Their advice about personal finance was as detailed as you'd get from a good financial planner, without the conflicts of interest.

      I dropped my subscription years ago after the fawning pieces about Carly Fiorina and the pro-SCO bias.

      • (Score: 3, Informative) by Phoenix666 on Sunday January 10 2016, @10:35PM

        by Phoenix666 (552) on Sunday January 10 2016, @10:35PM (#287845) Journal

        Yes they did, and I was a regular reader (though not subscriber, because as a student I had better things to spend my money on like food). But I eventually reached the same conclusion you did. Same thing with the Economist, which started to go downhill when they hired an American as Editor-in-Chief.

        Now that I'm an adult and have money, I have subscribed to Stratfor, which is a much, much better source of actionable information. But there have been a growing number of citizen journalists/bloggers who have broken important stories, too. That trend may yet grow and displace the old media entirely.

        It's funny, because in the old days there's no way an independent citizen journalist could have competed with the venerable outlets, even if they had both had access to the same distribution networks, because the latter had reputation. Now they've entirely lost that, and they have themselves entirely to blame. I wouldn't wipe my ass with a copy of the New York Times anymore, not after Judith Miller's selling the Iraq War with the full support of the publisher, and the Jayson Blair scandal. I see their people everywhere in NYC begging people to subscribe, and nobody wants to have anything to do with them. I never see print copies of their paper anywhere, and I live in a progressive neighborhood in Brooklyn stuffed to the gills with people who work in Publishing, Advertising, NonProfit, Philanthropy, etc (that is, nerdy people who like to read a lot).

        So, now the reputation of the indy blogger = the reputation of the Grey Lady, so why pay for the latter, being pretty damn sure it's paid media, when I have a reasonable belief that corporate bigwigs wouldn't bother to buy off an indy blogger?

        --
        Washington DC delenda est.
    • (Score: 5, Informative) by bzipitidoo on Sunday January 10 2016, @05:01PM

      by bzipitidoo (4388) on Sunday January 10 2016, @05:01PM (#287648) Journal

      Forbes is heavily biased anyway. The entire mainstream media has become pretty bad for ignoring big stories, and putting heavy handed spin on others. Case in point was the coverage of the Occupy Wall Street movement, calling them a bunch of disorganized, confused youth. In their coverage of piracy, they show they can't get past what they perceive is their own self interest, and will have laughable debates in which the 2 sides are "extreme copyright" vs "even more extreme copyright". Saw that on PBS, which I thought was better than that. There was of course the huge mistake the NY Times made with the WMDs Iraq supposedly had, yet incredibly clueless coverage of the Middle East hardly ends with that. Millions of Iraqi dead aren't even a statistic. Even Stalin gave dead millions that much. One of the most remarkable things about the Obama vs Romney presidential debates was the deliberate ignoring of perhaps the biggest issue of our times, Climate Change. Given the Republican positions that Climate Change may be a liberal conspiracy, not caused by man, or not a problem, or a job killer, it seems most likely that it was their idea to ban questions on that topic. If so, why couldn't the media find the power to overrule them on that? Because the mainstream media is their lapdog now? But that's hardly the only problem with political coverage. What about news on other political parties? Heck, even Bernie Sanders, running as a candidate for one of the 2 anointed parties, doesn't get coverage proportional to his popularity. They prefer to cover the dramatic and outrageous, which for now is Trump.

      Like Fox news, Forbes takes it a step further with an additional slant towards the right wing.

      • (Score: 1, Troll) by khallow on Sunday January 10 2016, @06:08PM

        by khallow (3766) Subscriber Badge on Sunday January 10 2016, @06:08PM (#287680) Journal

        Millions of Iraqi dead aren't even a statistic. Even Stalin gave dead millions that much.

        Given that those millions of Iraqi dead didn't actually exist, that seems a proper treatment.

        One of the most remarkable things about the Obama vs Romney presidential debates was the deliberate ignoring of perhaps the biggest issue of our times, Climate Change.

        Or perhaps not the biggest issue of our times. I still see a remarkable lack of supporting evidence for the supposed importance of climate change.

        Given the Republican positions that Climate Change may be a liberal conspiracy, not caused by man, or not a problem, or a job killer, it seems most likely that it was their idea to ban questions on that topic.

        How do "positions" "ban questions"?

        If so, why couldn't the media find the power to overrule them on that?

        The media has the power to decide Republican propaganda? Right.

        While I think you had a few good points, there's just too much here that isn't even wrong.

        • (Score: 0) by Anonymous Coward on Monday January 11 2016, @04:24AM

          by Anonymous Coward on Monday January 11 2016, @04:24AM (#287971)

          Below, the same account refers to 5:1 odds as 50%...

          • (Score: 1) by khallow on Monday January 11 2016, @09:20AM

            by khallow (3766) Subscriber Badge on Monday January 11 2016, @09:20AM (#288053) Journal
            Eh, I think it's just a mangled reply. I believe bzipitidoo is saying the odds are something like 4:6 or 5:7 (not 4:1 to 7:1) which is more than 50%.
            • (Score: 2) by bzipitidoo on Tuesday January 12 2016, @03:45AM

              by bzipitidoo (4388) on Tuesday January 12 2016, @03:45AM (#288509) Journal

              That's right. 4 to 6 against means there are 4 chances out of 10 that Hillary will not be our next president.

              As to Climate Change, most scientists and the people who still respect science are convinced, convinced by the facts, that Climate Change is real, man-made, and a problem we need to do something about. Just what measures to take is the question. You don't have to believe it to acknowledge that because so many accept it as fact, it is therefore an important issue and should have been debated.

              Anyway, which seems more likely to you? A bunch of politicians and Big Oil spokespeople who are known to engage in propaganda and lying and who have massive conflicts of interest are correct and it's really the scientists who are corrupt or incredibly stupid and incompetent? Or scientists are correct and the politicians and Big Oil companies are lying or wrong or both?

      • (Score: 5, Informative) by Hairyfeet on Sunday January 10 2016, @09:49PM

        by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Sunday January 10 2016, @09:49PM (#287805) Journal

        Thank Ronnie Raygun and deregulation. Wanna know why so many websites put on the exact same "pro government, pro corporate, anti poor and middle class" spin? Follow the money. You'll be surprised how few owners there really are when it comes to main stream media, its owned by a few mega corps, most of which have heavy ties to either the defense industry or government contracts. Yes the Internet gives us alternate news and views but how much of the actual voting populace gets its news from the net versus mainstream TV and radio? Sadly very little which is how a handful of uber rich at the very top can completely control the public narrative.

        BTW you want an easy way to see which ones are complete lap dogs of the government, an easy yard stick to measure them with? Go look up what stories they were pushing the day after Wikileaks dropped those docs showing the US government covering for a PMC selling little boys as rape toys in Afghanistan to get more contracts along with the video of the chopper pilot laughing and joking as they blew that guy and his kids away, if their main story the next day was "Assange didn't wear a condom so he must be a rapist!" they are owned by the US government as that was first pushed by a state dept spokesman, if they actually ran stories on the child sex slave ring and the chopper video? Then you can be assured they aren't completely controlled by corporate/state.

        The only one I personally saw pass that test? PBS Frontline who completely ignored the state dept bullshit and instead ran a story on "Bacha bazi" (the "tradition" of using little boys as sex slaves in Afghanistan) and how it tied into the PMC along with a story on the chopper video and how technology makes killing real people feel like a video game. Everybody else? "He didn't wear a condom so rape"...thanks Pravda, tell us next how that four alarm fire made way for a glorious new tractor factory why don't ya?

        --
        ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
      • (Score: 2) by Phoenix666 on Sunday January 10 2016, @10:22PM

        by Phoenix666 (552) on Sunday January 10 2016, @10:22PM (#287839) Journal

        Coverage of Bernie Sanders has suffered for a couple reasons. First, Obama's Attorney General has not gone after the former Secretary of State for her crimes, so Bernie hasn't had a chance to shine in the media by way of contrast (something he is himself partly responsible for by not hitting Hillary on that subject). Second, the Clintons have called in all their chips with their allies in the media and government to clear her path to the Democratic nomination, such that she has been the anointed one from the beginning. A follow-on effect is that the Chairman of the DNC, Debbie Wasserman Schultz, is a Clinton crony. She has held the number of Democratic debates to a handful and scheduled them on weekends when no one will watch, so primary voters won't be reminded how repugnant a candidate she is.

        Consequently the spotlight has been ceded to the Republicans, in whose field the guy dominating is the only one who understands that the Presidency in 2016 has degenerated into a reality TV show. Americans know in their gut that like all reality shows, the outcome is fore-ordained and nothing they want or say matters. So they're drawn to spectacle, and Trump is delivering.

        Bernie is the only shot the Democrats have to retain the Whitehouse, because he's an outsider and he's speaking to bread and butter issues that matter to 99% of Americans. He still has an uphill climb after the betrayal of the Obama Whitehouse to convince people he can deliver.

        But if it comes down to Trump vs. Hillary, he'll win in a landslide because he understands where the American people are at now, far better than Hillary does.

        --
        Washington DC delenda est.
        • (Score: 2) by bzipitidoo on Monday January 11 2016, @01:29AM

          by bzipitidoo (4388) on Monday January 11 2016, @01:29AM (#287893) Journal

          Hillary hasn't won the primary yet, but the bookies are already giving her better than 50% odds of winning the election. Been seeing 4 to 6 and 5 to 7 against.

          Polls show her beating Trump. Not as much as Bernie would beat Trump, but they figure she'll still take him.

    • (Score: 1) by o_o on Sunday January 10 2016, @05:38PM

      by o_o (1544) on Sunday January 10 2016, @05:38PM (#287665)

      When I run into stuff like this, I simply drop them from the list of places I go.

      I completely agree: I do not need Forbes into the Universe, and I am pretty sure that there is a great crowd that feels the same. A great thing with the internet is that you can banish someone without stepping on their own freedom (and make yourself the bad guy): every IP associated with them can be blocked in your system, forever. Go Forbes, you are being ignored.

      The proverbial scorpion comes to mind: "Hey there buddy, how about dropping that guard of yours for a moment? I promise I will never sting YOU!

    • (Score: 3, Funny) by isostatic on Sunday January 10 2016, @05:53PM

      by isostatic (365) on Sunday January 10 2016, @05:53PM (#287670) Journal

      That's unfair!

      They wrap Reuters wires too!

  • (Score: 2) by kurenai.tsubasa on Sunday January 10 2016, @03:10PM

    by kurenai.tsubasa (5227) on Sunday January 10 2016, @03:10PM (#287622) Journal

    I turned off Ghostery among other things, and the page that begs you to turn off ad blocking loaded about 40 different trackers before letting me in. Fortunately, the main site only loaded about 30 trackers. O.o;;

    Suddenly I want to hack forbes.com, not to disable the ad blocker blocker, but just so that it says, “Disregard that, I suck cocks” under the part about being an ad-lite experience.

    That is definitely going on the list of websites not to visit when booted into Windows!

    • (Score: -1, Flamebait) by Anonymous Coward on Sunday January 10 2016, @03:16PM

      by Anonymous Coward on Sunday January 10 2016, @03:16PM (#287626)

      Disregard that, I suck cocks.

      Sorry, force of habit.

      -- OriginalOwner_ [soylentnews.org]

      • (Score: 0) by Anonymous Coward on Sunday January 10 2016, @07:16PM

        by Anonymous Coward on Sunday January 10 2016, @07:16PM (#287714)

        Your pattern of bad behavior, repeatedly injecting noise into threads for weeks:
        December 30 [soylentnews.org]
        December 30 [soylentnews.org]
        December 31 [soylentnews.org]
        January 04 [soylentnews.org]
        January 05 [soylentnews.org]
        January 08 [soylentnews.org]
        January 08 [soylentnews.org]
        January 10 [soylentnews.org]

        Some are being marked troll and flamebait. They are all clearly SPAM.

        • (Score: -1, Flamebait) by Anonymous Coward on Sunday January 10 2016, @08:07PM

          by Anonymous Coward on Sunday January 10 2016, @08:07PM (#287739)

          You seem a bit mad.

          -- OriginalOwner_ [soylentnews.org]

    • (Score: 2) by Runaway1956 on Sunday January 10 2016, @03:22PM

      by Runaway1956 (2926) Subscriber Badge on Sunday January 10 2016, @03:22PM (#287627) Homepage Journal

      Now and then, I'm curious enough about an article that I fire up a VM, and c/p the address into a browser there. Read the article, clear cookies, shut the browser down, and watch Better Privacy delete a super cookie.

      It doesn't happen very often. Mostly, if the site won't cooperate with my browser, I just don't bother reading it. Mostly, a Google search with some of the terms in the article will turn up some other article using the same sources for it's story.

      --
      "no more than 8 bullets in a round" - Joe Biden
    • (Score: 3, Interesting) by Runaway1956 on Sunday January 10 2016, @04:28PM

      by Runaway1956 (2926) Subscriber Badge on Sunday January 10 2016, @04:28PM (#287645) Homepage Journal

      Forget about the "I suck cocks" thing. Some of us like cocksuckers. Instead, put "I eat shit". No one likes a shit eating dog, do they?

      --
      "no more than 8 bullets in a round" - Joe Biden
      • (Score: 1) by Noldir on Sunday January 10 2016, @09:14PM

        by Noldir (1216) on Sunday January 10 2016, @09:14PM (#287778)

        Please keep in mind rule 34 and having said that, in so not gonna Google that...

        • (Score: 0) by Anonymous Coward on Sunday January 10 2016, @10:17PM

          by Anonymous Coward on Sunday January 10 2016, @10:17PM (#287836)

          2girls1cup

          • (Score: 0) by Anonymous Coward on Sunday January 10 2016, @10:21PM

            by Anonymous Coward on Sunday January 10 2016, @10:21PM (#287838)

            Filing this one under "Asking for it"

    • (Score: 3, Informative) by gnuman on Sunday January 10 2016, @05:05PM

      by gnuman (5013) on Sunday January 10 2016, @05:05PM (#287649)

      That is definitely going on the list of websites not to visit when booted into Windows!

      Except now there are 100% javascript based exploits.

      http://www.computerworld.com/article/3018972/security/ransom32-first-of-its-kind-javascript-based-ransomware-spotted-in-the-wild.html [computerworld.com]

      • (Score: 4, Insightful) by sjames on Sunday January 10 2016, @05:34PM

        by sjames (2882) on Sunday January 10 2016, @05:34PM (#287660) Journal

        It seems unlikely that it is actually cross platform. For one, according to what I've seen, it comes as a self-extracting RAR (not cross platform) and drops it's payload in the start folder so it runs when you log in. That is very much a Windows only thing.

        But in general, it's telling that while we spend billions hunting funny plants and people with the audacity to carry 4.1 oz of shampoo, we have seen no significant effort to hynt down and kill the people cranking out cryptolocker and clones.

        • (Score: 2) by Hyperturtle on Sunday January 10 2016, @08:46PM

          by Hyperturtle (2824) on Sunday January 10 2016, @08:46PM (#287767)

          But--the people that want access to your stuff don't want your attention drawn to this, which is why they have a "War on Terror" and a "War on Drugs" and not a "War on Cybercriminals".

          They'd get shot.

        • (Score: 2) by Hairyfeet on Sunday January 10 2016, @10:24PM

          by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Sunday January 10 2016, @10:24PM (#287840) Journal

          Sorry but malware guys have already figured out Linux users are trivial to add so they are cooking up cross platform malware [zdnet.com] that simply detects which OS you are on and then grabs the correct exploit. This means you can't go by what you get if you visit the malware on a Windows box as the payload will change if you are on OSX or Linux.

          You gotta give them credit, it looks like it really didn't take much to add Linux support, just a few lines.

          --
          ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
          • (Score: 3, Informative) by sjames on Sunday January 10 2016, @10:37PM

            by sjames (2882) on Sunday January 10 2016, @10:37PM (#287846) Journal

            Sure, it is possible to write a trojan for Linux, but the one you referred to required the user to actually run the app after downloading. The Javascript was nothing more than the standard stuff you'll find when downloading from google, sourceforge, or anywhere else that offers binaries for more than one platform.

            A multi-platform drive-by is possible, but the PARTICULAR bit of malware in question doesn't appear to be an example of it. Building it from Javascript isn't enough to make that happen.

            That doesn't mean I'm willing to just run any old thing an advertiser cares to toss my way.

          • (Score: 1, Funny) by Anonymous Coward on Monday January 11 2016, @12:49AM

            by Anonymous Coward on Monday January 11 2016, @12:49AM (#287886)

            as the payload will change if you are on OSX or Linux.

            Not if your browser ident string is set to Win95!!

  • (Score: 5, Insightful) by SomeGuy on Sunday January 10 2016, @03:29PM

    by SomeGuy (5632) on Sunday January 10 2016, @03:29PM (#287629)

    As a response to this, I recommend that all tech savvy people make sure that ad blockers are installed on as many computers used by average users as possible.

    And, if possible, remove any easily accessible way to disable the ad blockers.

    If enough people used proper ad blockers and did not or could not disable them, this might remove some incentive for companies to use excessive or malicious advertising.

    These days it is mind boggling that anyone would not use an ad blocker.

    • (Score: 0) by Anonymous Coward on Sunday January 10 2016, @03:33PM

      by Anonymous Coward on Sunday January 10 2016, @03:33PM (#287631)

      Ive offered and been refused before. Some people like seeing all the ads, or so they say.

      • (Score: 3, Insightful) by SomeGuy on Sunday January 10 2016, @03:49PM

        by SomeGuy (5632) on Sunday January 10 2016, @03:49PM (#287637)

        >Ive offered and been refused before. Some people like seeing all the ads, or so they say.

        Usually users just don't want people changing things around on their computer. They get enough of that from Microsoft etc. these days.

        They would probably refuse an antivirus update or a service pack, given the choice. And given how abusive software vendors are with updates now, it is understandable.

        So slip it in as a browser update or something so they can blame someone else :)

        • (Score: 1, Touché) by Anonymous Coward on Sunday January 10 2016, @10:16PM

          by Anonymous Coward on Sunday January 10 2016, @10:16PM (#287835)

          So slip it in as a browser update or something so they can blame someone else :)

          So... fight malware techniques with malware techniques? Perhaps down that path lies madness (and lies).

        • (Score: 2) by fido_dogstoyevsky on Monday January 11 2016, @04:43AM

          ...So slip it in as a browser update or something so they can blame someone else

          "Beware of the dark side. Anger, fear, aggression; the dark side of the Force are they. Easily they flow, quick to join you in a fight. If once you start down the dark path, forever will it dominate your destiny, consume you it will." A purveyor of Malware you will become!!

          --
          It's NOT a conspiracy... it's a plot.
    • (Score: 3, Interesting) by Runaway1956 on Sunday January 10 2016, @04:29PM

      by Runaway1956 (2926) Subscriber Badge on Sunday January 10 2016, @04:29PM (#287646) Homepage Journal

      Install the adblocker on the router. Problem solved. Few "average users" even know how to log into their router, and far fewer than that have any idea how to configure them.

      --
      "no more than 8 bullets in a round" - Joe Biden
      • (Score: 3, Interesting) by Hairyfeet on Sunday January 10 2016, @10:33PM

        by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Sunday January 10 2016, @10:33PM (#287844) Journal

        Interesting? Really mods? He might as well have said "Install Ubuntu on the router" as both are equally as plausible. News Flash, the majority of home routers? 1.- You cannot "install" anything, as most do not support DD-WRT or Tomato, 2.- Have no simple way to import IP address lists, in fact 3.- Many do not allow blocking by IP address at all, only by website name under a label such as "family filter".

        Its obvious you do not have experience with home routers or you would know the majority simply do not have the cycles nor the tools to do what you suggested. Hell go to Newegg and see how many are still being sold that are IP V4 only in 2015, their ARM chips are simply too weak and the memory too limited to run IP V6, much less run huge block lists.

        --
        ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
        • (Score: 2) by Runaway1956 on Sunday January 10 2016, @11:44PM

          by Runaway1956 (2926) Subscriber Badge on Sunday January 10 2016, @11:44PM (#287867) Homepage Journal

          Netgear and Linksys are fairly common home routers. If your customer doesn't own one, recommend one. You set it up. Or, you just sell him one, already flashed and set up for use. It isn't like you have to sell them a thousand dollar enterprise router to accomplish this little thing.

          --
          "no more than 8 bullets in a round" - Joe Biden
          • (Score: 2) by Hairyfeet on Monday January 11 2016, @12:02AM

            by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Monday January 11 2016, @12:02AM (#287875) Journal

            Uhhh most Netgear and Linksys don't support installing WW-DRT or Tomato either, wanna try again? BTW the majority of routers out there in actual homes? Trendnet/Zonenet, and most folks aren't gonna go drop $70+ on a new router when a simple .BAT and GWX control panel can fix the issue for $0.

            --
            ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
            • (Score: 2) by Runaway1956 on Monday January 11 2016, @01:47AM

              by Runaway1956 (2926) Subscriber Badge on Monday January 11 2016, @01:47AM (#287895) Homepage Journal

              You're kinda missing the point. I know that you're as hardheaded as I am, so I'm probably wasting time, but let's try one more time.

              Linksys and Netgear do support third party firmwares. It's kinda up to you to know which ones support the particular firmware you wish to use. And, it's up to you to recommend those routers to your customers. Are they going to spend upwards of $200 on the best of those routers? You say no, but I've witnessed plenty of people dragging their machines off to a shop, to spend $150 to $500 to "fix" those machines, when all that was required was a simple fix.

              You can honestly recommend a $200 router, properly configured, to block ads and malware, and anything else you deem proper to block. The router can also be configured to run a VPN, of course. You can optionally block the Win10 BS. You can recommend this in good conscience, knowing that every machine on the customer's network will be protected - not only the machine that you are servicing. If the customer declines the upgraded router, fine. If he accepts, you pocket a couple dollars profit for supplying it, and configuring it.

              Options are options - offering these options and services can reduce your load of headaches, and at the same time, increase your profit marginally. It will always be the customer's decision, of course, but offering him the option can't possibly hurt you, can it?

              --
              "no more than 8 bullets in a round" - Joe Biden
              • (Score: 2) by Hairyfeet on Monday January 11 2016, @05:43PM

                by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Monday January 11 2016, @05:43PM (#288278) Journal

                And again you are missing MY point, let me highlight why would they spend $100+ on a new router when there is a fix that cost $0 and takes all of 4 seconds to implement? And if you are talking about doing all this to take the spyware that is Windows 10 then your post just shows its a worthless OS with the actual "cost" of owning the OS more than every previous version for an OS that honestly performs worse in just about every metric.

                --
                ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
                • (Score: 2) by Runaway1956 on Monday January 11 2016, @07:15PM

                  by Runaway1956 (2926) Subscriber Badge on Monday January 11 2016, @07:15PM (#288312) Homepage Journal

                  I'm certainly not arguing about the "value" of Win10 - My only argument is that implementing spyware, adware, and malware blocking on the router has it's own value. If a customer should happen to need a new modem/router, it is well worth the investment to recomment one that can perform these functions. Even if the customer doesn't really "need" a new router, but he simply wishes to upgrade, you can recommend this. It's an idea with value, no matter what OS that customer happens to be running. It benefits me, primarily because my crappy 2 Mb connection won't support the garbage adware downloading to as many as six computers at a time. I don't own all of those computers, much less the telephones and tablets that family members use while at my house. Therefore, I can't install ad blocking or alter HOSTS files on all of them. But, I do own the router, and I block all that crap before the requests ever go out from all those devices. Meaning - even when two or three people are using my connection, I still have more bandwidth that I would have all alone, without adblocking and the rest.

                  Yes, Win10 sucks worse than any OS that has ever preceded it, but Win10 isn't the only reason to control the connections going through your router. It's just one of the best reasons to block the crap.

                  --
                  "no more than 8 bullets in a round" - Joe Biden
            • (Score: 2) by Grishnakh on Monday January 11 2016, @05:19PM

              by Grishnakh (2831) on Monday January 11 2016, @05:19PM (#288261)

              Actually, FWIW, I have a pretty nice TrendNet router that runs DD-WRT just fine.

              That said, I think the idea of doing blocking at the router level is pretty stupid. Modern ad-blocking requires no only blocking domains but also looking at the HTML code, and that's something that's much easier done inside the browser with Ublock Origin. Also, installing and updating Ublock Origin is simple and easy and keeping it updated is automatic; keeping software on the router up-to-date isn't. Finally, the last thing I need is my router wasting tiny-ARM CPU cycles on blocking when it needs to be as high-performance as possible for my VoIP/telephony needs.

              • (Score: 3, Informative) by Hairyfeet on Tuesday January 12 2016, @06:27AM

                by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Tuesday January 12 2016, @06:27AM (#288540) Journal

                I agree 100% and would only add why would I slam the weak ass little ARM chips in the average home router when even my users on 10 year old systems have more cycles than they can ever use thanks to how insane the IPC on a multicore X86 chip is?

                Hell I replaced the Q6600 I was using at the shop for my late father's Phenom I 9600 quad for sentimental reasons, figuring it would probably be struggling, what did I find? Even with multiple downloads and a pile of websites running AND background music blasting I still rarely went above 50% CPU and never once had the auto OC kick in, so why would I want to slam the ARM chip so hard its about to melt to do router blocking when you have programs like uBlock and ABP that will do it on the system where there is plenty of MHz left unused?

                  Its easy to update on the PC, won't hurt the system performance, not to mention as you pointed out you slam the router the whole network goes to shit, so it just doesn't make sense to go through all that to do it on the router.

                --
                ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
    • (Score: 2) by FakeBeldin on Monday January 11 2016, @04:50PM

      by FakeBeldin (3360) on Monday January 11 2016, @04:50PM (#288226) Journal

      Indeed.
      I've recently begun telling people that ad blockers are the digital equivalent of condoms.
      Sure, it might take a while before you catch something, but boy, do the sites you sleep with^W^Wvisit sleep around with advertisers!

      Friends wouldn't let friends go in without a condom over their browser.

  • (Score: 3, Insightful) by Marand on Sunday January 10 2016, @03:49PM

    by Marand (1081) on Sunday January 10 2016, @03:49PM (#287636) Journal

    I can't say this is surprising at all, it's precisely the reason why I use NoScript and/or ad blockers. We get force-fed the idea of "don't run untrusted executables" early on, and it's good advice, but then we get online and told nevermind, it's okay here, allow executable code from any dipshit with a webpage, because otherwise we might deprive that person of the 0.001¢ it would generate in ad revenue. Furthermore, the advertisers have consistently proven that they are either unable or unwilling to get their own shit under control, so there's absolutely no reason to trust code from them.

    Like I said in the other comment, there's no way in hell I'm disabling adblock or noscript for some site's advertisers to run whatever the hell they want on my system. Not because the adverts bother me, but because they're distributed in the most unsafe way possible, and the advertisers have had no reason to change that because there's no liability for them. The only way for things to change for the better is if everyone starts blocking the bullshit so that their only way to remain viable is to serve static ads again.

    None of this is new, though. It's been the same battle for years, ever since advertising moved from animated gifs into the realm of sleazy JS tricks. It's just gotten bad enough that everyday users are noticing finally. What was new, and the thing I found most surprising about Forbes' aggressive anti-adblock stance, is that they somehow also screwed over people using browser privacy modes. I don't use Chromium regularly, just for one-off site visits, and it's set up to always start incognito. Somehow, incognito mode completely broke Forbes' anti-adblock page redirect, turning it into an infinite loop of loading the same "turn off adblock you pleb" page over and over.

  • (Score: 4, Funny) by wonkey_monkey on Sunday January 10 2016, @04:14PM

    by wonkey_monkey (279) on Sunday January 10 2016, @04:14PM (#287641) Homepage

    Pop-under Malware

    Not as bad as pop-mal underwear.

    --
    systemd is Roko's Basilisk
    • (Score: 0) by Anonymous Coward on Sunday January 10 2016, @04:26PM

      by Anonymous Coward on Sunday January 10 2016, @04:26PM (#287644)

      dad-bad underwear?

      • (Score: 0) by Anonymous Coward on Sunday January 10 2016, @10:12PM

        by Anonymous Coward on Sunday January 10 2016, @10:12PM (#287830)

        Captain Tightpants! (Mal)

  • (Score: 0) by Anonymous Coward on Sunday January 10 2016, @04:22PM

    by Anonymous Coward on Sunday January 10 2016, @04:22PM (#287642)

    This would have been no problem if everybody would have moved to MEOR safe windows 10 already ^_^
    future forbes-ess nag:"please install windows 10 or disable ad-blocker"?
    -
    what's the use to install malware if the OS all by itself fulfills this role perfectly already?

  • (Score: 3, Interesting) by gman003 on Sunday January 10 2016, @05:42PM

    by gman003 (4155) on Sunday January 10 2016, @05:42PM (#287666)

    Why don't incidents like this lead to criminal and/or civil charges? (I'm not a lawyer, no idea which system this would fall under). Malware is illegal, and at least the advertising distributor is clearly guilty of negligence, perhaps Forbes themselves. Since they were paid for the service, you might even be able to make aiding-and-abetting charges stick. Even if you can't track down and arrest the actual beneficiaries of the malware, slapping a few advertising companies with heavy fines ought to get them to start paying more attention to what they distribute.

  • (Score: 5, Interesting) by BK on Sunday January 10 2016, @06:06PM

    by BK (4868) on Sunday January 10 2016, @06:06PM (#287678)

    What's really needed here is civil liability. If Forbes had to pay to clean this mess up on every impacted system, they'd pay more attention to what they did and how.

    --
    ...but you HAVE heard of me.
  • (Score: 3, Insightful) by MichaelDavidCrawford on Sunday January 10 2016, @06:53PM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Sunday January 10 2016, @06:53PM (#287707) Homepage Journal

    Often when I try to read an article, very first thing I get a popup that says "Like Us On Facebook!" Well how do I know I like you if I haven't read the article first?

    Pages are slower to load than in the days of the dialup modem. The speed of the connection doesn't help; it's all the DNS lookups for all the tracking cookies.

    I'm going to take up reading books.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 3, Informative) by isostatic on Sunday January 10 2016, @09:41PM

      by isostatic (365) on Sunday January 10 2016, @09:41PM (#287799) Journal

      it's all the DNS lookups for all the tracking cookies.

      Sounds like you need a HOSTS file!

      APK will help you [neowin.net]

  • (Score: 2) by darkfeline on Sunday January 10 2016, @11:58PM

    by darkfeline (1030) on Sunday January 10 2016, @11:58PM (#287874) Homepage

    I have no love for Forbes myself, but the blame really falls on the ad companies. A site wants to support itself on ad revenue, so it calls on an ad company. The ones actually coming up with the malware and annoying ads are the ad companies, who aren't properly vetting the ads they sell.

    So it's the site's responsibility to choose a responsible ad company, you say? There's no such thing. Capitalism has done a fine job of driving out any non-malicious ad companies. The best you could do is Google Adwords or whatever ad service they offer.

    Ads shouldn't exist in the first place, you say? I'm not so sure about that. There are ads on some sites that I don't block (because they are hosted first-party) and I don't mind (because they are a small static image off to the side). If the site uses those to make money, so be it; I've no irrational hatred of ads as a socially friendly marketing concept.

    --
    Join the SDF Public Access UNIX System today!
    • (Score: 1) by mrsam on Monday January 11 2016, @03:13AM

      by mrsam (5122) on Monday January 11 2016, @03:13AM (#287937)

      So it's the site's responsibility to choose a responsible ad company, you say? There's no such thing.

      That is not a valid excuse for serving up malware. The buck stops with the web site.

      Of course, I bear no illusion that:

      1) Someone will sue Forbes, or anyone else for infecting them with malware, and

      2) They will win

      But if someone is going to get sued, the proper entity to bear the liability would be the primary web site. It is the primary web site that transmitted the link that set off the chain of events that resulted in malware infestation, so they should be held fully liable. If they do, and they wish to take it up and then, in turn, sue their ad provider, that's their business, and their decision to make.

      If a defective part in a Honda results in injury, it's going to be Honda that gets sued, and not a third party manufacturer that supplied the part to Honda. Even if it's true that the third party manufacturer delivered parts that failed to meet Honda-specified requirements, and that was the direct cause of the injury, it will still be Honda that gets sued. It is their responsibility to do due diligence and verify the quality of the parts they source from other third parties, and install in their vehicles.

      It's certainly possible that an aggressive lawyer, in this hypothetical situation, would sue both Honda and their supplier. But the point is that Honda will always be on the hook. Because they are still responsible for their due diligence, in their cars.

      Similarly, it's the primary web site's responsibility and due diligence to ensure that the content they serve directly, to a web browser, does not directly or indirectly attempt to serve malware. If they use a third party provider, it's their due diligence to verify that the third party provider will not do that. How could the primary web site verify that? That shouldn't be anyone's problem other than the primary web site's.

      • (Score: 2) by BK on Monday January 11 2016, @03:38AM

        by BK (4868) on Monday January 11 2016, @03:38AM (#287953)

        The reason no-one has been sued for this type of thing yet is that it is really unclear who is responsible. And when it is, the clearly responsible party is out of the jurisdiction of the party harmed. But this case could different. We need a car analogy:

        Car accidents happen every day because of bad drivers like you. I say you because my driving is perfect. But sometimes, in dense traffic, a bad driver, allows someone to make a turn across traffic. They wave them in.. "It's OK. I'm stopped. Go ahead." And they pull across your lane and into the next and are immediately involved in an accident. It turns out that the (moronic) person who waves the entering traffic through is responsible for their misadventure. Really. [claimsjournal.com]

        So it may be that directing users acting prudently by running an ad blocker, an entity may become liable for the result of following those instructions. But we'd have to feed lawyers to find out.

        --
        ...but you HAVE heard of me.
    • (Score: 0) by Anonymous Coward on Monday January 11 2016, @11:22AM

      by Anonymous Coward on Monday January 11 2016, @11:22AM (#288079)

      I have no love for Forbes myself, but the blame really falls on the ad companies.

      Bullsh*t. Imagine a paper newspaper outsourcing their ads. A few days later they run a full page ad for joining ISIS.

      Do you think the editor in chief will have a job after that? Do you think the board will accept the "blame the ad companies" excuse?

      • (Score: 0) by Anonymous Coward on Monday January 11 2016, @03:47PM

        by Anonymous Coward on Monday January 11 2016, @03:47PM (#288172)

        Depends: Are you talking about the the paper or I-device edition?

        With the paper edition, the news-paper is still the publisher with editorial control. In the case of the i-edition, Apple is the publisher with editorial control.