Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Blue Security Gives up the Fight

Posted by CmdrTaco on Wed May 17, 2006 10:12 AM
from the eggs-bacon-sausage-and-splat dept.
Security
bblboy54 writes "According to The Washington Post, Blue Security has closed its doors, which can be confirmed by the Blue Security application failing to work today and their domain no longer resolving. Blue Security's CEO is quoted in the article: "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing." You have to wonder where it goes from here. It seems an effective method has been found but more than a small private company could handle. Will someone else adapt this concept, or does the internet world give up?"
+ -
story

Related Stories

[+] BlueSecurity Fall-Out Reveals Larger Problem 366 comments
mdrebelx writes "For anyone following the BlueSecurity story, sadly the anti-spam crusader has raised the white flag. Brian Krebs with the Washington Post is reporting that after BlueSecurity's announcement, Prolexic and UltraDNS, which were both linked with BlueSecurity through business relations came under a DNS amplification attack that brought down thousands of sites. While much of the focus about the BlueSecurity story has been centered on the question of what can be done about spam, I think a bigger question has been raised - is the Internet really that fragile? What has been going on is essentially cyber-terrorism and from what has been reported so far the terrorist clearly have the upper hand."
[+] BlackFrog to Take up BlueFrog's Flag 178 comments
Runefox writes "ZDNet UK has a story about a new SPAM defense mechanism called BlackFrog, a response to the demise of Blue Security's BlueFrog. According to the article, the new service is based on a P2P network of clients, called the 'Frognet', which allows the opt-out service to continue functioning even after a server has gone down, making a DDoS attack like that which crippled BlueFrog ineffective against the new service."
[+] Technology: Blue Security Reborn As Social Action Enabler 29 comments
griswaldo writes "Wired News writes about the re-birth of the ill-fated Blue Security as a social action company. According to the article, founders of the former anti-spam company that made headlines after incurring the wrath of a Russian spam king have set up a company called Collactive that provides tools to organize grassroots action on political and social web sites. The article mentions a global warming initiative called WorldCoolers and, for the Slashdot YRO crowd, the Privacy Alert Network that kicked off by letting people comment on Homeland Security's latest crazy idea."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Blue Security Gives up the Fight 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • The problem is it relies on a central server. (Score:5, Insightful)

    by Ant P. (974313) on Wednesday May 17 2006, @10:15AM (#15350502) Homepage
    Anyone want to state the obvious answer?

    • Re:The problem is it relies on a central server. (Score:5, Insightful)

      by fak3r (917687) on Wednesday May 17 2006, @10:18AM (#15350529) Homepage
      Exactly, this is why Napster was brought down. They need a different client-server setup, me thinks a bittorrent/Onion Router style network would do the trick here, and with the start that BS has provided, I can't see it as being impossible to make this into an effective defensive/offensive tool.

      • Take a page from SETI (Score:5, Interesting)

        by fistfullast33l (819270) on Wednesday May 17 2006, @10:26AM (#15350596) Homepage Journal
        What about a solution like the SETI project? A nice graphical screensaver that uses spare processor cycles to send email spam to known spammers. It could even display something funny like a graph showing how much harassment you're causing.

        However, I don't think any kind of attack spam with spam solution is worth it. We need to either redesign the protocol, marginalize the spammers, or make it very illegal and put them in jail. Sure, you might argue that direct marketing through email really isn't illegal (junk snail mail sure isn't), but I think if you don't respect the don't spam lists and requests to stop, or even go so far as to launch a DOS attack as TFA describes, then you definitely belong behind bars or without access to a computer.

    • Re:The problem is it relies on a central server. (Score:5, Informative)

      by Dan Ost (415913) on Wednesday May 17 2006, @10:24AM (#15350572)
      The problem would be how to make a distributed system that can't be poisoned or decieved by
      an attacker.

      One of the nice attributes of having a central server is that BlueSecurity could validate
      that the site was a legitimate target before unleashing the flurry of opt-out requests.

  • When the going gets tough... (Score:5, Insightful)

    by fak3r (917687) on Wednesday May 17 2006, @10:16AM (#15350506) Homepage
    Hey, wait a minute, I've followed Blue Security since I first read about them on /., and I can't believe they're just gonna fold up shop and give up! Isn't this what they got into the business for? Can't they take this attack and use it to demonstrate the validity of their concept? I wish they could think up another tactic besides, 'you win' -- perhaps diversifiying their URLs/IPs so that they're more spread out...less vuln to an attack on one IP? Come on, what do readers think...I know there's got to be some way to use BS software and reroute things through an Onion style network to fight back.

    • Re:When the going gets tough... (Score:5, Interesting)

      by bbernard (930130) on Wednesday May 17 2006, @10:27AM (#15350604)
      I'd agree with the parent comments but for one issue. The company's clients were directly threatened. The spammers didn't just threaten Blue Security, they threatened Blue Security's customers. As the article stated, Blue Security's customers didn't sign up for a war. They signed up to not get spam. Getting bombarded by viral attacks wasn't part of the deal.

      That said, I too am disappointed, but until effective means of finding and holding accountable the people behind the attacks this kind of extortion will continue.

      Welcome to the wild-west. Where's Sherrif Bart and the Waco Kid when you need them?
        • The attack was probably large, but then why wouldn't they seek out help from law enforcement?

          Because these "spam kings" (ok, let's find a new, more acceptable phrase, like "spam dorks") tend to hide out in countries that either have a) no formalized relations with the US or other countries or b) countries that might be allies but will not let us simply go tromping through their country on the hunt for spammers.

          They hide in the shadows, collect money from the stupid and unwary, and then go after anyone who tries to stop them. If you think DDoS attacke are their only weapon, think again. It really is going to take a campaign of Internet espionage followed by vigilantism to get at most of these people. I can see it now... Merc for Hire -- specializing in SPAM and the removal of the source with extreme prejudice!

      • Re:When the going gets tough... (Score:5, Informative)

        by pebs (654334) on Wednesday May 17 2006, @10:56AM (#15350876) Homepage
        What we need is to implement an open source p2p DOS network. Everybody can submit a link that they found in SPAM mail, with their DOS client. This way, the more a site is spamvertised, the more it is DOS-ed.
        Of course, the amount of DOS the site gets should be comparable with the bandwidth needed to send the spams, so there are no abuses of the system. Just send their crap back to the sites they run.

        That simply won't work because it will get exploited very easilly. I assume only links that have been submitted a large amount of times will get DDOSed. Someone will create a large amount of fake accounts on the P2P network, submit links to their target (or maybe spoof all the link submissions without needing to create fake accounts), and get a free DDOS network to attack whoever they want.

  • They should have listened (Score:5, Insightful)

    by CaptainZapp (182233) * on Wednesday May 17 2006, @10:17AM (#15350511) Homepage
    From the FA:

    "When the company's founders first approached the broader anti-spam community and asked them what they thought of the idea, everyone said this was a terrible idea and that they would eventually cause a lot of collateral damage," Underwood said. "But it's also extremely unfortunate, because it shows how much the spammers are winning this battle."

    Hell, the idea of flooding the spammers network is older then a reasonably aged Armagnac and was discounted even when it came up.

    Building a business model on such an innane idea looks as if the company execs are a few fries short of a happy meal. Speceifically since they where warned by more experienced people.

  • We are ALL "owned" (Score:5, Insightful)

    by TFGeditor (737839) on Wednesday May 17 2006, @10:17AM (#15350513) Homepage
    This episode proves that the spammers own and control the internet.

    The internet is no longer free (not as in beer). We must pay obesience to the owners by allowing their spam in out inboxes.

    I, for one, do NOT welcome our spam-spewing overlords.

      • Re:We are ALL "owned" (Score:5, Insightful)

        by RM6f9 (825298) <rwmurker@yahoo.com> on Wednesday May 17 2006, @11:04AM (#15350944) Homepage Journal
        Excuse me, one moment please: While I can understand that you (and many others) have a deep personal hatred for unsolicited commercial email, please consider correcting yourself - there is no way in kind or in degree that the irritation of Spam/UCE is equal to the tragedies of child pornography or rape.

        May whatever Deity exists prevent you from learning the difference first-hand.

  • Too bad. (Score:5, Interesting)

    by grub (11606) <slashdot@grub.net> on Wednesday May 17 2006, @10:17AM (#15350514) Homepage Journal

    I'm a recent new Blue member. Spam to my work, gmail and home accounts has plummetted thanks to Blue Frog. And to whiners who moan about "vigilantism", blow me. Fight fire with fire.

      • Re:Too bad. (Score:5, Funny)

        by pla (258480) on Wednesday May 17 2006, @10:59AM (#15350905) Journal
        I never really understood the term "fight fire with fire." A more effective way to fight fire is with water or foam.

        Water and foam both put out fire by lowering the temperature and depriving the combustible material of oxygen. This requires enough foam or water to completely saturate the area already burning, with a bit extra on the edges to prevent fresh fuel from igniting. That works well on a small scale (a single house), but very poorly on widespread forest or brush fires.

        "Fighting fire with fire" means a controlled burn going inward toward the source of the fire. Done correctly, by the time the controlled burn meets the core of the fire, it has left in its wake a wide swath of already-consumed and partially-cooled fuel. Thus, the fire can't contine spreading outward along that same path. Completely surround the fire with such already-burned zones, and the fire can't do anything but burn itself out in-place.

        Rather than needing to saturate the existing fire and its edges, this only requires defending a single line against spreading in the wrong direction - And preparation for that can start before igniting the controlled burn (such as by pre-saturating the area and/or clear-cutting a narrow strip bordering the target burn).


        Extending the metaphor to to anti-spam techniques, think of the above description as DOS'ing the core of the fire. If we saturate the spammers' network connections, they have no more bandwidth to consume in spreading their crapfloods outward to the world. Continue until bandwidth costs "consume" the bank-accounts of the spammers (or more realistically, they cut their losses and run), and the spammer goes under (at least temporarily).



        Now personally, I'd rather mix metaphors and literally fight spam with fire - Track these less-than-worthless bastards down and surround their offices or houses with a ring of fire moving in toward the core. Then roast marshmallows over their charred corpses as we sing "We Shall Overcome".

        But, the law frowns on that, so I'll have to settle for simply helping to put them out of business.

  • authority? (Score:5, Funny)

    by gEvil (beta) (945888) on Wednesday May 17 2006, @10:24AM (#15350576)
    It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start

    Funny, not having the authority to do it didn't stop them before...

  • Dive Into Mark said it best... (Score:5, Interesting)

    by Saint Aardvark (159009) * on Wednesday May 17 2006, @10:25AM (#15350580) Homepage Journal

    If you want to be an anti-spam advocate, if you want to write software or maintain a list or provide a service that identifies spam or blocks spam or targets spam in any way, you will be attacked. You will be attacked by professionals who have more money than you, more resources than you, better programmers than you, and no scruples at all. They want to make money, this is how they have decided to make money, they really can make a lot of money, and youre getting in their way.

    [...]Someone challenged me, Well, how am I supposed to continue hosting these low-barrier discussions? I'm sorry, but I don't know. To quote Bruce Schneier, "I feel rather like the physicist who just explained relativity to a group of would-be interstellar travelers, only to be asked, 'How do you expect us to get to the stars, then?' I'm sorry, but I don't know that, either."

    From Dive Into Mark [diveintomark.org] (which doesn't seem to be responding, so try Google's cache [72.14.209.104].)

  • Solving the Spam Bot problem (Score:5, Insightful)

    by smartin (942) on Wednesday May 17 2006, @10:31AM (#15350643)
    It seems that the problem here is that they were brought down by the spammer's huge number of bots running on compromised machines. Why has no one tackled this problem? It seems to me that this should be the responsibility of the ISP's. I'm no expert but I believe that if someone reports to an ISP that a particlular IP address is running a bot, that it should be a simple process for the ISP to do some tests to see if that is true by checking the nature of the traffic coming out of the machine. If they decide that the machine has been compromised, they should shut down it's connection and redirect port 80 requests to a web page explaining to the owner that their machine has be compromised and how to fix it.

    This does not seem to me to be a difficult technical problem and it is in everyone's interest to get the compromised machines off the net.

    • Re:Solving the Spam Bot problem (Score:5, Informative)

      by Pfhor (40220) on Wednesday May 17 2006, @10:49AM (#15350813) Homepage
      I made my university start the exact same policy. Shut down ports of the machines which were infected with klez. The problem was that students would just think their port was broken and plug into their roommates, etc. Obviously the school should have moved their MAC address into an infected pool and given them their own subnet with a webpage telling them that their machine was infected and to call tech support. But considering the somewhat large resources of people needed to get the machines back online (go and scrub the machine, most people were afraid to even touch them, and klez was a pain to remove). Not to mention the fact that people view their machines as appliances, not something needed to be maintained.

      ISPs are using the blocking of outgoing smtp traffic on port 25 for this very reason. But to really shut down this problem the ISP would also have to be able to provide technical support to remove the virus, or atleast something of that nature. Let alone the customer won't even think their computer is infected (how could it be, i don't download anything!!?) and the flurry of angry phone calls would ensue.

      We had users at my campus that had blocked ports for a month before we were able to get in touch with them, they just thought their computer was broken. Or we get a phone call from an angry parent whose little suzy or billy can't send them email and update their facebook.

      The idea is possible, but it is a nightmare in reality to have to support.

  • We're going about this the wrong way (Score:5, Insightful)

    by netruner (588721) on Wednesday May 17 2006, @10:44AM (#15350766)
    The bad guys won this time because we tried to match force with force. I've said it multiple times in this forum - we have to accept that spam isn't going to go away. The only way we're going to get it down to an acceptable level is to make it not worth doing.

    Filtering is one way, but basing it on the raw content of the email won't work. If there was a public key repository where legitimate users placed a public key for decryption, and all legitmate email were sent encrypted with the corresponding private key, the authenticity of the email could be known. Then, if someone starts making a nuisance of themselves, they could get their public key revoked. If this method were used, filters could be made to only let through emails that decrypted with the public key of the sender.

    Let's face it, spam is a fact of life. Remember that you're up against people who do this as their 9-5er with no regard for law, ethics or their public image if you want to go the force-vs-force route.

    • Re:Third Choice? (Score:5, Insightful)

      by Salty Moran (974208) on Wednesday May 17 2006, @10:18AM (#15350522) Journal
      It's hard not to fall to vigilantism when there's no sherriff in town to keep the peace on your behalf...

    • Re:Third Choice? (Score:5, Funny)

      by Headw1nd (829599) on Wednesday May 17 2006, @10:23AM (#15350562)
      Evidently your comments are modded so far down not even the spiders bother to read them.

    • Re:Third Choice? (Score:5, Informative)

      by grub (11606) <slashdot@grub.net> on Wednesday May 17 2006, @10:25AM (#15350586) Homepage Journal

      but anyone who's still getting spam in their inbox should install some nice filtering software.

      That's not the point. If you run your own mail server or rely on filtering at your client end the spam uses up your bandwidth, your storage, your CPU resources to filter it, etc. Spammers like to use zombie machines around the net. Their operations cost them very little as they steal the capability from everyone else.

    • Re:Third Choice? (Score:5, Insightful)

      by Tim C (15259) on Wednesday May 17 2006, @10:35AM (#15350675)
      I know the flip side of the spam problem is bandwidth wastage, but anyone who's still getting spam in their inbox should install some nice filtering software.

      I have a catch-all email address set up on my domain - so $anything@$mydomain gets to me.

      For years, I used to get a very small amount of spam to addresses like info@, sales@, etc, and a throwaway account I used on a website that I never used for any real mails.

      Then, a few months ago, some scum-sucking shit-brained low-life motherfucker* decided to use my domain name in forged From: addresses.

      (* But I'm not bitter)

      I now receive on the order of a thousand spams, bounces and assorted related crap per day. Now, of these, only a tiny handful make it to my inbox, and they're all easy to spot. I've not done the stats, but I'd image that Thunderbird's filtering is 99% accurate or better.

      It's still a pain in the arse though, and it's still utterly unacceptable behaviour on the part of the morons responsible.

      I don't necessarily think that vigilantism is the answer, but something has to be done.

      (Yes, I could switch off the catch-all addressing, but I actually find it useful, inconsiderate wankers trying to ruin the entire net for everyone not withstanding)

      • Sigh! Or why spam is unacceptable (Score:5, Insightful)

        by CaptainZapp (182233) * on Wednesday May 17 2006, @10:27AM (#15350600) Homepage
        I'm not a whiney mac fanboy, and even I get very very little spam. It's just not a day-to-day nuisance for me.

        Fine, I'm happy for you. You obviously don't own an active domain, or a business. Because otherwise I could guarantee that it gets to be a problem for you.

        But the problem is not you, it's not me, it's not my little kid sisters dog.

        The problem is that a couple of hundred big time spammers are getting rich by shitting into the communal water supply!

        If you think that's acceptable within a society then you will apologise that I have no respect for you and the likes of you.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.