Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

BlackFrog to Take up BlueFrog's Flag

Posted by Zonk on Fri May 26, 2006 08:56 AM
from the internet-routes-around-stupidity dept.
Spam Security The Internet
Runefox writes "ZDNet UK has a story about a new SPAM defense mechanism called BlackFrog, a response to the demise of Blue Security's BlueFrog. According to the article, the new service is based on a P2P network of clients, called the 'Frognet', which allows the opt-out service to continue functioning even after a server has gone down, making a DDoS attack like that which crippled BlueFrog ineffective against the new service."
+ -
story

Related Stories

[+] Blue Security Gives up the Fight 672 comments
bblboy54 writes "According to The Washington Post, Blue Security has closed its doors, which can be confirmed by the Blue Security application failing to work today and their domain no longer resolving. Blue Security's CEO is quoted in the article: "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing." You have to wonder where it goes from here. It seems an effective method has been found but more than a small private company could handle. Will someone else adapt this concept, or does the internet world give up?"
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

BlackFrog to Take up BlueFrog's Flag 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Link (Score:4, Informative)

    by Anonymous Coward on Friday May 26 2006, @08:58AM (#15409348)
    Link to the project website. [okopipi.org]

    • Re:Link (Score:3, Interesting)

      by WhiplashII (542766)
      To get the same effect in a perfectly legal and unstoppable way, alter Mozilla and other email clients so that when you click on the junk button it automatically goes and fills out form, etc - without accessing a separate server. That way, they get a response from each person solicited or spammed (prefectly reasonable) and they have to sort through the responses to find the ones that fell for the scam.

      Many people will say that if you do this the spammers will know your address. My response: 1) they obviou

      • Re:Link (Score:3, Interesting)

        by Smidge204 (605297)
        1) they obviously already know your address

        Maybe, maybe not. They have your e-mail in a list somewhere, but they don't know if it's still valid. Sending a real response proves that it IS valid and IS checked actively, which increases its value when sold to advertisers or sold/traded to other spammers.

        NOT replying puts a little "?" on the message, because they know the address is probably still valid (didn't bounce) but there was no reply (maybe nobody checks it)?

        I think the better solution would be to send

  • Poisonous frogs? (Score:5, Insightful)

    by RingDev (879105) on Friday May 26 2006, @08:58AM (#15409350) Homepage Journal
    How long until some hacker poisons the peer system into spamming a legitimate site?

    -Rick
    • FTA:
      Participants will send reports of spam emails to Okopipi, which will use "handlers", including dedicated servers, to analyse it. To avoid suffering the same fate as Blue Security, Okopipi's staff will not disclose information about its servers.

      Sounds like the same idea as Blue Security, only they're hiding. Probably will result in the same outcome. Massive DDoS on their "hidden" servers.
    • That's the whole point of an analysis before sending opt-out messages from all members. I am not familiar with Black Frog intended function, but if a certain percentage of their members gets similar messages it's a fair bet it is spam. A FrogHerder must look at the message to ensure it is sufficently spammy, before action - this may even be legal somewhere in the world.

      • You can't trust the "members". Say that a savvy black hat creates many "tainted-members". What happens if the "tainted-members" all report that a legitimate site is spamming?

        I think one method for this to work is for each suggested target be evaluated by each member. The member has to agree that this is a valid target before his account participates in the attack.

        • Re:Never trust the users (Score:4, Insightful)

          by sk8king (573108) on Friday May 26 2006, @10:20AM (#15409928)
          >I think one method for this to work is for each suggested target be evaluated by each member. The >member has to agree that this is a valid target before his account participates in the attack.

          With a certain threshold of participants required before the attack even takes place. If there are 100 members, perhaps 20 would need to agree on the item in question being spam. 15 wouldn't be enough to initiate a retaliatory opt-out.

          I wonder how much of the "background" noise on the internet is this sort of crap floating around....DNS requests for viruses, port scanning for viruses, traffic in the form of spam, spam responses, systems to deal with spam....probably more than anyone realizes.

  • seems insecure (Score:3, Insightful)

    by robinesque (977170) on Friday May 26 2006, @08:59AM (#15409360) Homepage
    Sounds sort of insecure for a project like this to be openly editable to the public via a wiki and p2p network.

  • good idea (Score:3, Insightful)

    by Amouth (879122) on Friday May 26 2006, @09:00AM (#15409361)
    just too bad that someone couldn't get this into the BlueFrog stuff before it died.. atleast then they would have a large userbase.. but if the Blue peps are the ones that look at the e-mails to make sure someone isn't being evil and submitting normal HAM - how is that going to work without master to authorize the clients???

  • Once you go black, you never go back. (Score:5, Informative)

    by DigDuality (918867) on Friday May 26 2006, @09:02AM (#15409370)
    Just as a correction folks, it's not called "Black Frog" this is a mix up. There was two projects. Black Frog and Okopipi aiming for the same goal. Black Frog stopped and the people joined Okopipi.
  • I hope that people from bluefrog will release source of their utility. This new initiative could surely benefit from their sourcecode.

  • Spamming the spammers? (Score:4, Funny)

    by ScouseMouse (690083) on Friday May 26 2006, @09:10AM (#15409436) Homepage
    Hmm, wont it be amusing for user's PCs to be spamming as part of an hidden botnet and running this at the same time. Hope their not on dialup.
    • The goal is to spam the spammer *sponsors*, not the spammers themselves. This is the exact reason why the blue frog was so successfull.
      Once you receive a mail advertizing pills or wrist ornaments , the Blue/Black frog client sends an opt-out message to the advertized mailbox.
      Let say this online shop sends a million spam messages by means of a spammer, he (the shop owner) receveives 1 million opt-out messages back !


      Days are counted for the spammers ! MUahAhahAHhaHAh
      • Ah this makes more sense now.

        Must go away and read the original bluefrog article again.

        Actually i wouldnt count on the days of spammers being numbered.
        The sneaky little bugg@rs have been getting round new antu-spam systems for years, and the more unscrupulous will start doing things like providing opt out locations that look different when you view then. (IE, providing two links, a link thats invisible for the anti spam engine to chew on, and one that isnt that may be obfuscated in some way)

        Unfortu

  • OMG vigilantes (Score:5, Insightful)

    by giorgiofr (887762) on Friday May 26 2006, @09:14AM (#15409462)
    I can imagine the slew of whiners who will complain about such a vigilante approach to this problem.
    Well, remember Firefox, "We're taking back the web"? That's exactly what we're doing here. It's the only strategy that's going to work. Bitching and moaning won't get you a clean mailbox. Taking spammers down will.
    If you disagree with fighting fire with fire, I suggest you also criticize any and all law enforcement activities. They're simply state-sponsored vigilantes.

    • Re:OMG vigilantes (Score:5, Funny)

      by joe 155 (937621) on Friday May 26 2006, @09:17AM (#15409487) Journal
      couldn't we just send the spammers a sony music cd? That rootkit would take out their computers at the source instead of just spamming them
      • If it's a recent Sony music CD, you're going to have a hard time convincing them to put it in their computers as they'll likely be thinking, "Why do I want to listen to this garbage?"
      • I think we should solve this with a two tier internet!

        One "slow" tier would be for all the people who actually reply to spam (thus giving the spammers money) or get their computers infected with bots and fail to clean them.

        The other "fast" tier would be for poeple who know better than to click on everything in their email box and instead delete the spam / trojans.

    • Well, remember Firefox, "We're taking back the web"? That's exactly what we're doing here.

      I like Firefox and all, but I really don't see the connection between having a choice over your web browser and launching DoS attacks on possible spammers.

      If you disagree with fighting fire with fire, I suggest you also criticize any and all law enforcement activities. They're simply state-sponsored vigilantes.

      Once they are state sponsored, they rather stop being vigilantes. They also (hopefully) are held ac

    • I have no mod points, so I must respond...

      I'd like to hope Okopipi could make a positive difference, but it cannot, because it is open to exploitation by the very people it's trying to stop.

      Okopipi's greatest asset: people who are desparate to stop spam; is also it's greatest weakness, because their frustration sometimes leads them to take ill considered actions without first understanding the facts. Choosing to publish the statement below is a fairly pertinent example:

      If you disagree with fighting f

      • When a state sponsored law enforcement official does their work they are enacting the will of a democratically elected governement. It is a careful and methodical process designed to protect the innocent.

        Perhaps the GP was from the US, where that doesn't hold true anymore...
    • > If you disagree with fighting fire with fire, I suggest you also criticize any and all law enforcement activities. They're simply state-
      > sponsored vigilantes.

      Actually, in any reasonable democracy law enforcement is more like "state-sponsered vigilantes, with an independent court system designed to prevent them from accidently screwing over the innocent in their zealous quest for justice."

  • Blue Security's reason for shutting down (Score:3, Informative)

    by Paran (28208) on Friday May 26 2006, @09:20AM (#15409511) Homepage
    I thought the reason Blue Security closed shop was because the spammers had diff'd their user database, identified quite a large amount of the participants, and then threatened virus attacks directed at them. Not because of the DDoS.

    Blue Security Gives up the Fight [slashdot.org]
    The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.
    ...
    "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing."

    I'm guessing the only real difference is that users will know this time around.
    • You're getting things mixed up, I think most users were quite willing to get involved in the cyber-war, the problem was that the company didn't have the resources to fight it.

      I'll probably sign up for this blackfrog thing once I've checked it out. In fact, I'd probably consider giving money to someone collecting money to pay someone else to beat the shit out of the world's top spammers. I'm serious, they're scum..

      /Mikael

        • Frankly, they should have let the spammers go for it then. If you give in to Terrorists, you can only expect more terror in the future. Or so all the western governments seem to keep telling us as they send in the special forces.

          If the spammer took out a public enough target, the authorities would have had to get involved. BlueSecurity wasn't doing anything illegal (or even immoral - they only filled in the webform once for each email a user received.) so its a pity they were hounded out.
  • From their wiki:-

    Okopipi will automatically click the "opt-out" or "unsubscribe" links contained within the emails and/or report the spam to the appropriate authorities.

    I thought that it was generally a bad idea to click unsub or opt-out links in Spam messages since it only server to prove they have a valid email address and the receipient actually reads Spam messages.
    • Well, if you are trying to find spammers, and get more excuses to slam their websites, etc. then you want to click the unsubscribe links. The more spam they send you, the more they get slammed in response. Also, if this Black Frog stuff keeps track of this stuff, as part of the system, you then collect evidence of them sending you stuff even after you unsubscribed, which could be used to prosecute them in court as well as pounding their servers into the ground.

      So it makes sense for a system like this to

    • A legitimate concern, but with the Blue Frog system at least, the way this was handled was that the system did not identify which email address was clicking the links. All the "clicking" was done by the Blue Security servers, it just added up to one opt-out/unsubscribe click per spam message sent.
      • If the links are put together by someone who is not a total fucking moron, the link either has the email address encoded within it, or it is a unique token that links to a specific email address. Either way, following the opt-out link will indeed confirm that the address was deliverable. Unless these guys are just generating web traffic to the same server but a wholly different URL, preferably not even accessing the server by name but by IP... Which I doubt.

  • I am holding out for CrunchyFrog. (Score:3, Funny)

    by 1_brown_mouse (160511) on Friday May 26 2006, @09:27AM (#15409550)
    Every spammer gets a "Spring Surprise."

    CrunchyFrog explined. http://orangecow.org/pythonet/sketches/crunchy.htm [orangecow.org]

  • Before comparing to DDOS, or botnets. Be informed (Score:5, Insightful)

    by mybootorg (975440) on Friday May 26 2006, @09:46AM (#15409675)
    Ok folks, let get a few things straight.

    Blue Frog was NOT effective not as a denial of service attack or distributed denial of service attack. It was never meant or designed to be. The Russian spammer said it himself - they never brought down our servers, they only served as "a daily nuisance". The nuisance was this: for every spam that the spammer sent to the some 500,000 Blue Frog members, an automated script (bot) visited the website advertised and filled out the form for snakeoil, home refinancing -- whatever was being hawked. But instead of filling it in with valid input from someone interested in what the website was hawking, it filled it in with a legitimate plea from a single person to Opt-out of being spammed further. With me so far?

    The spammer -- or worse, the spammer's client -- in turn, goes to check on their database of people or leads to which they can hawk their snakeoil and generic viagra and low and behold, instead of being filled with legitimate contacts of people they can do business with -- it's filled with hundreds upon thousands of opt-out requests.

    Undoubtedly there are real requests from potential business contacts in there. But first they have to filter out all the opt-out requests that Blue Frog has submitted.

    Sound familiar? It sure does. It's what we've been putting up with for years. We open our Inbox and instead of seeing email from friends and business associates, we first have to sift through and filter a few gazillion pieces of spam -- each with "Hi How are you?" and "Important Account Information" fake titles. Only then can we get down to the email that's actually sent to us. It's a nuisance.

    Blue Frog forced spammers to deal with the SAME NUISANCE they cause us. And the spammers didn't care for it too much. They don't care about opt-out requests, the Internet, what people think of them, possible prosecution --- all they care about is making money and they're making it by the truckload. The fact that Blue Frog actually bothered them enough to use their botnets to attack is VERY encouraging. It means we've found a way to kick them in the ass and make it hurt.

    Please don't compare Blue Frog or Black Frog to a DDOS or DOS. As the Russian Spammer demonstrated with his attack, what little network disturbance Blue or Black Frog causes for the spammer or spammer client server pales in comparison to a real attack. Mainly because it isn't meant to be an attack in the first place.

    If Black Frog ends up with 1,000,000 subscribers, then lets talk DDOS.

  • Security? (Score:3, Interesting)

    by Rob T Firefly (844560) on Friday May 26 2006, @10:22AM (#15409941) Homepage Journal
    This does look promising (from TFA:)

    "It will be based on a P2P network (the frognet)," according to a posting on the wiki. "On failure to connect it could still opt out given email addresses."

    Participants will send reports of spam emails to Okopipi, which will use "handlers", including dedicated servers, to analyse it. To avoid suffering the same fate as Blue Security, Okopipi's staff will not disclose information about its servers.

    "Only the Okopipi administrators will know their locations," the group said on its wiki. This should make a DDoS attack "very difficult", it said.

    That seems solid, but I wonder how something so open can keep a secret like what and where its servers are. It's beyond me, anyone have more info?

  • Disclaimer: This is my personal opinion and does not reflect the viewpoints of other members of the Okopipi project.
    --

    Sheesh people! I hate to have to respond to 1,000 comments made by kneejerks who don't even RTFA, saying how terrible it's to DDOS and how the system could be abused.

    Do you think we're idiots to let something like this happen?

    1. The "attacks" on websites will be moderated. We want to make sure that the force is non-lethal to websites. We haven't discussed the implementations, but the decision has been taken: We will use throttling to PREVENT denial-of-service attacks.

    2. The P2P network does *NOT* control the clients, it'll only distribute opt-out scripts for websites. Also, the customer can log out ANY TIME they want. So, NO, it's NOT a botnet.

    3. Spammers Don't need P2P networks to initiate an attack. They already have their effective botnets in infected WinXP machines.

    4. There will be a reputation system AND a hierarchy system (so not everyone can mod someone down), people will have to earn their trust to classify scripts, those who report wrong sites will be modded down, and the usernames and reputations are permanent. The hierarchy system we're studying requires at least two people acting as an individual before taking any action, to prevent infiltrations.

    5. We're already considering infiltration of spammers in our model, we're researching papers written by experts in graph theory and computer science for this. A spammer could at most try to disable the network, but with the currently planned infrastructure, i doubt they can do it.

    6. We haven't started to code. We're still discussing (and will continue to discuss) the possible consequences, abuses, attacks and how to prevent them or at least minimize them. We cannot afford to have ANY point of failure.

    7. If any wants to cooperate, the google group is open to ideas.

    8. And I repeat: we will *NOT* DDOS websites. It's a decision the commitee has taken, and it's a final decision. There have been people who have proposed to DDOS the spammers to death, and we're already shutting them up.
  • Due to TradeMark conflict, I have closed the Black Frog project. Actually the project was just a nameholder, since Okopipi was a separate project which I joined later.

    So the official name of the P2P antispam software is now "Okopipi". Please stop naming it "Black Frog" or we could get sued for Trademark Infringement.

    Thank you.

    (More info on my journal) [slashdot.org]

    • Re:Excuse me, but (Score:5, Interesting)

      by Billosaur (927319) * <wgrotherNO@SPAMoptonline.net> on Friday May 26 2006, @09:49AM (#15409700) Journal
      isn't this really good botnet vs bad botnet?

      More like Autobots vs Decepticons, but in the end it's the same thing. The "good" forces won't be a botnet per se, but a loosely aligned group of people doing the same thing, taking on a group with coordinated resources capable of wreaking terrible havok. It's vigilantism to be sure, but until the government of the world actually get their heads out of their butts and come up with a unified and mutually beneficial set of laws to deal with spammers wherever they live, this is the only tool anyone has to even try and slow the spammers down.

        • It will be interesting to see how a many-to-many DDOS plays out.

          I'm interested as well, but it's not going to be many-to-many. Each side will execute many-to-one. *Frog's many against spamvertisers one, multiple times, in a "one response per spam" action. Spammer's many against *Frog's one, in an "as much force as can be mustered" action.

          Provided that the spammer's attack can find an appropriate target, and depending on the flexibility of *Frog to make itself a constantly moving target.

          The weak link in t

    • Re:Uhm... Okopipi (Score:4, Insightful)

      by Magee_MC (960495) on Friday May 26 2006, @09:53AM (#15409738)
      Okopipi is a poisonous blue frog. Quite appropriate I think.

      As to the fact that it isn't "marketable", who cares. Would anyone have thought google was marketable before they started? If the product is good enough, the market doesn't care about the name.
    • The service fills in forms on spammers websites and submits it. This "corrupts" the data that the spammers are collecting by inserting hundreds of "opt out" submissions which makes finding the "valid" submissions (where stupid people responded to the spam looking to buy v1agr@) more difficult. There's nothing illegal (as far as I know) in using your own computer to fill out forms with bogus data.

      The few hundred frog subscribers don't have the horsepower to shut down a Web server anyway. They just make the r
    • I'm confused. Which are you advocating?
      a) Freezing them with fire retardant foam
      b) Hack off a few appendages with an axe
      c) Drowning
      d) All of the above in that order

      I think any one will do. Why be picky?

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.