Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×

Blue Security Gives up the Fight 672

bblboy54 writes "According to The Washington Post, Blue Security has closed its doors, which can be confirmed by the Blue Security application failing to work today and their domain no longer resolving. Blue Security's CEO is quoted in the article: "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing." You have to wonder where it goes from here. It seems an effective method has been found but more than a small private company could handle. Will someone else adapt this concept, or does the internet world give up?"
This discussion has been archived. No new comments can be posted.

Blue Security Gives up the Fight

Comments Filter:
  • by Ant P. ( 974313 ) on Wednesday May 17, 2006 @09:15AM (#15350502)
    Anyone want to state the obvious answer?
    • by fak3r ( 917687 ) on Wednesday May 17, 2006 @09:18AM (#15350529) Homepage
      Exactly, this is why Napster was brought down. They need a different client-server setup, me thinks a bittorrent/Onion Router style network would do the trick here, and with the start that BS has provided, I can't see it as being impossible to make this into an effective defensive/offensive tool.
      • by fistfullast33l ( 819270 ) on Wednesday May 17, 2006 @09:26AM (#15350596) Homepage Journal
        What about a solution like the SETI project? A nice graphical screensaver that uses spare processor cycles to send email spam to known spammers. It could even display something funny like a graph showing how much harassment you're causing.

        However, I don't think any kind of attack spam with spam solution is worth it. We need to either redesign the protocol, marginalize the spammers, or make it very illegal and put them in jail. Sure, you might argue that direct marketing through email really isn't illegal (junk snail mail sure isn't), but I think if you don't respect the don't spam lists and requests to stop, or even go so far as to launch a DOS attack as TFA describes, then you definitely belong behind bars or without access to a computer.
        • by Daniel Dvorkin ( 106857 ) * on Wednesday May 17, 2006 @09:35AM (#15350685) Homepage Journal
          At this point I'm convinced that the only solution is a worldwide series of gory murders of spam kings with "death to spammers" written on the walls at the crime scenes in the spammers' blood.
          • At this point I'm convinced that the only solution is a worldwide series of gory murders of spam kings with "death to spammers" written on the walls at the crime scenes in the spammers' blood.
            Someone beat you to it ... As described here [mosnews.com] or here [theregister.co.uk].

            Be pretty hard to get a murder conviction ... after all, there are literally MILLIONS of people with a motive ... I can picture it now ... the jury is deliberating, and says "the spammer got his skull crushed in ... sounds like he got off too lightly, dah?"

            • That's one. It will take at least two.

              (Given that the police are saying this one may be unrelated to spamming, it may take at least two MORE.)

              Hiroshima showed Japan that the US COULD make and deliver a nuclear bomb.

              The Japanese generals knew what it was, because they were working on one themselves. At that point, many of them thought the war was lost, and were prepared to surrender. But some of them argued that collecting and processing the necessary materials was such an effort that the US probably only
          • If there was an anonymous, untraceable way to send money to someone who would use it to kill spammers, I'd probably contribute.

            Seriously, it's that annoying.

            Maybe Sealand wants to start a Special Forces unit or something.
          • by infolib ( 618234 ) on Wednesday May 17, 2006 @10:35AM (#15351266)
            the only solution is a worldwide series of gory murders of spam kings

            Do it right then. If you've got 15 names, murder 10. Then drop a Usenet post with a couple of scene shots saying "There's five names left on my list. If you want to know if yours is on it, just keep spamming." That would stop much more than 15 spammers. (Or at least they'd cower.)

        • by GoRK ( 10018 ) on Wednesday May 17, 2006 @09:36AM (#15350695) Homepage Journal
          You mean like the screensaver from Lycos that died a horrible death too?
        • by NtroP ( 649992 )
          I think it could be solved by doing two things: 1) have a mechanism in place that does more to ensure the sender is who they say they are, and 2) Go to a whitelist-based system only.

          If every ISP blocked outgoing SMTP messages from their users and either 1) forced them to relay mail through their servers or 2) ensured that any user-run mail servers were properly configured with SPF, etc. before allowing them to access outgoing port 25 traffic, it would allow allow much better assurance that the sender was

    • P2P perhaps? (Score:4, Interesting)

      by Nursie ( 632944 ) on Wednesday May 17, 2006 @09:20AM (#15350544)
      Was about to post the same thing. Make a distributed app, receive spam, post "unsubscribe" link to app, (assuming this is how blue worked) instant mass traffic for spammer. The problem here is that if you don't have a central authority controlling what gets hit the someone will sooner or later abuse the P2P DDoS machine that you've effectively just created.
    • by Dan Ost ( 415913 ) on Wednesday May 17, 2006 @09:24AM (#15350572)
      The problem would be how to make a distributed system that can't be poisoned or decieved by
      an attacker.

      One of the nice attributes of having a central server is that BlueSecurity could validate
      that the site was a legitimate target before unleashing the flurry of opt-out requests.
      • by boldtbanan ( 905468 ) on Wednesday May 17, 2006 @09:37AM (#15350709)
        One of the nice attributes of having a central server is that BlueSecurity could validate that the site was a legitimate target before unleashing the flurry of opt-out requests.
        Which brings us right back to a centralized server in the first place. As long as everything has to pass through a single choke point (or even a small number of them), they are susceptible to the same DDOS attack. If there is no authoritative verification, you essentially just created a P2P DDOS system that the spammers/organized crime/anybody can (and will) readily abuse. Therin lies the rub.
        • by jafiwam ( 310805 ) on Wednesday May 17, 2006 @01:19PM (#15352661) Homepage Journal
          Well, if the anti-spammers wanted to play hardball they could use the 13 root DNS servers to host the anti-spam services (RBL or whatever).

          Then, when the spammers act to take it down, they take down the internet.

          Then joe-public and jackass-senator get involved and play hardball to... leading to PMITA prison for the the domestic ones, and severe concequences for the out of country ones. (Why the heck not just flatline all traffic out of Korea (home of many many zombified machines) for example. They clean up their boxes or they have their own internet.)

          That's hardball.

          So far, I have just seen reactionary measures that don't last long, or hand-wringing.
      • The problem would be how to make a distributed system that can't be poisoned or decieved by
        an attacker.


        Easy. Make it not relying on a server or P2P network at all. You only opt out *YOUR* e-mail address (hashed, of course). The mails will be either automated or human-verified (by you).
    • Just convince everyone to run tarproxies already, or get it integrated into the standard build of sendmail? Since you're obviously hinting at going wide distribution, why not go wide distribution with a tool that has a strong research, development, and testing history behind it.
    • by hotspotbloc ( 767418 ) on Wednesday May 17, 2006 @10:20AM (#15351122) Homepage Journal
      Anyone want to state the obvious answer?

      Coral cache (http://coralcdn.org/ [coralcdn.org]) with mod_expires to tweak the cache time and adjust length for high traffic times and mod_rewrite to drive everyone but Coral servers to the Coral cache. Not perfect but it could keep an otherwise dead site to appear alive for an extra day or so. Add in it's completely free, doesn't alter your pages and the only limits are a max single file size is ~35M and a daily bandwidth cap at 250G it's not a bad way to go.

      The question is would this take enough heat off of Blue Security to keep going?

    • Your question is based on a faulty premise: the best way to fight fire is with fire. That just leads to a burnt-out neighborhood, as Bluesecurity discovered. If you use a criminal's weapons against them, you will lose — they have more experience and better resources than you do.

      We will have spam as long as we rely on on an email system that relies on the good citizenship of senders. The only fix is a new system where you can't create a new identity just by modifying your email header.

  • by fak3r ( 917687 ) on Wednesday May 17, 2006 @09:16AM (#15350506) Homepage
    Hey, wait a minute, I've followed Blue Security since I first read about them on /., and I can't believe they're just gonna fold up shop and give up! Isn't this what they got into the business for? Can't they take this attack and use it to demonstrate the validity of their concept? I wish they could think up another tactic besides, 'you win' -- perhaps diversifiying their URLs/IPs so that they're more spread out...less vuln to an attack on one IP? Come on, what do readers think...I know there's got to be some way to use BS software and reroute things through an Onion style network to fight back.
    • I know there's got to be some way to use BS software and reroute things through an Onion style network to fight back.

      I think you don't realize just how big the attack on Blue Security was (or the sort of resources the spammers control).

      There's probably less then one hundred companies who could've withstood that sort of ddosing. Blue Security wasn't one of them.
      • There's probably less then one hundred companies who could've withstood that sort of ddosing. Blue Security wasn't one of them.

        Neither was Tucow.
    • by bbernard ( 930130 ) on Wednesday May 17, 2006 @09:27AM (#15350604)
      I'd agree with the parent comments but for one issue. The company's clients were directly threatened. The spammers didn't just threaten Blue Security, they threatened Blue Security's customers. As the article stated, Blue Security's customers didn't sign up for a war. They signed up to not get spam. Getting bombarded by viral attacks wasn't part of the deal.

      That said, I too am disappointed, but until effective means of finding and holding accountable the people behind the attacks this kind of extortion will continue.

      Welcome to the wild-west. Where's Sherrif Bart and the Waco Kid when you need them?
    • It's a sad day indeed.
      However, if they close up shop this easy, were they the right ones to be leading this fight?
      I also just love how I had to hear about this on /. Nothing like keeping your community informed of what's going on.
      The worst part is they probably picked up 50,000 or more subscribers over the period of the DDOS. It was actually much better advertising than they could have ever bought. Heck, it got me to join!
    • Can you say Russian Mafia? Can you imagine just how embarrasing closing up shop and calling it quits is for them after of the PR over the last week. I can't imagine they called it quits just because they thought they would have to deal with more DDoSs...infact they seemed to enjoy the fact that they got DDoSed.
  • by CaptainZapp ( 182233 ) * on Wednesday May 17, 2006 @09:17AM (#15350511) Homepage
    From the FA:

    "When the company's founders first approached the broader anti-spam community and asked them what they thought of the idea, everyone said this was a terrible idea and that they would eventually cause a lot of collateral damage," Underwood said. "But it's also extremely unfortunate, because it shows how much the spammers are winning this battle."

    Hell, the idea of flooding the spammers network is older then a reasonably aged Armagnac and was discounted even when it came up.

    Building a business model on such an innane idea looks as if the company execs are a few fries short of a happy meal. Speceifically since they where warned by more experienced people.

  • We are ALL "owned" (Score:5, Insightful)

    by TFGeditor ( 737839 ) on Wednesday May 17, 2006 @09:17AM (#15350513) Homepage
    This episode proves that the spammers own and control the internet.

    The internet is no longer free (not as in beer). We must pay obesience to the owners by allowing their spam in out inboxes.

    I, for one, do NOT welcome our spam-spewing overlords.

  • Too bad. (Score:5, Interesting)

    by grub ( 11606 ) <slashdot@grub.net> on Wednesday May 17, 2006 @09:17AM (#15350514) Homepage Journal

    I'm a recent new Blue member. Spam to my work, gmail and home accounts has plummetted thanks to Blue Frog. And to whiners who moan about "vigilantism", blow me. Fight fire with fire.
    • I never really understood the term "fight fire with fire." A more effective way to fight fire is with water or foam. So perhaps a better idea would have been not to spam the spammers.
      • Re:Too bad. (Score:5, Funny)

        by pla ( 258480 ) on Wednesday May 17, 2006 @09:59AM (#15350905) Journal
        I never really understood the term "fight fire with fire." A more effective way to fight fire is with water or foam.

        Water and foam both put out fire by lowering the temperature and depriving the combustible material of oxygen. This requires enough foam or water to completely saturate the area already burning, with a bit extra on the edges to prevent fresh fuel from igniting. That works well on a small scale (a single house), but very poorly on widespread forest or brush fires.

        "Fighting fire with fire" means a controlled burn going inward toward the source of the fire. Done correctly, by the time the controlled burn meets the core of the fire, it has left in its wake a wide swath of already-consumed and partially-cooled fuel. Thus, the fire can't contine spreading outward along that same path. Completely surround the fire with such already-burned zones, and the fire can't do anything but burn itself out in-place.

        Rather than needing to saturate the existing fire and its edges, this only requires defending a single line against spreading in the wrong direction - And preparation for that can start before igniting the controlled burn (such as by pre-saturating the area and/or clear-cutting a narrow strip bordering the target burn).


        Extending the metaphor to to anti-spam techniques, think of the above description as DOS'ing the core of the fire. If we saturate the spammers' network connections, they have no more bandwidth to consume in spreading their crapfloods outward to the world. Continue until bandwidth costs "consume" the bank-accounts of the spammers (or more realistically, they cut their losses and run), and the spammer goes under (at least temporarily).



        Now personally, I'd rather mix metaphors and literally fight spam with fire - Track these less-than-worthless bastards down and surround their offices or houses with a ring of fire moving in toward the core. Then roast marshmallows over their charred corpses as we sing "We Shall Overcome".

        But, the law frowns on that, so I'll have to settle for simply helping to put them out of business.
  • Ugh. (Score:2, Funny)

    by Anonymous Coward
    According to The Washington Post, Blue Security has closed it is door which

    http://www.stormloader.com/garyes/its/#top [stormloader.com]

    It's not that hard.
  • official statement (Score:2, Interesting)

    by coaxeus ( 911103 ) *
    I'll wait to see an official satement from them. Considering they are offline right now, likely due to another DoS, and the spammers have spent the last 2 weeks doing joejob attacks and all sorts of e-mails supposedly from bluesecurity... it doesn't seem too unlikely to me that the spammers could convince the media of something.
  • authority? (Score:5, Funny)

    by gEvil (beta) ( 945888 ) on Wednesday May 17, 2006 @09:24AM (#15350576)
    It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start

    Funny, not having the authority to do it didn't stop them before...
  • by Saint Aardvark ( 159009 ) * on Wednesday May 17, 2006 @09:25AM (#15350580) Homepage Journal

    If you want to be an anti-spam advocate, if you want to write software or maintain a list or provide a service that identifies spam or blocks spam or targets spam in any way, you will be attacked. You will be attacked by professionals who have more money than you, more resources than you, better programmers than you, and no scruples at all. They want to make money, this is how they have decided to make money, they really can make a lot of money, and youre getting in their way.

    [...]Someone challenged me, Well, how am I supposed to continue hosting these low-barrier discussions? I'm sorry, but I don't know. To quote Bruce Schneier, "I feel rather like the physicist who just explained relativity to a group of would-be interstellar travelers, only to be asked, 'How do you expect us to get to the stars, then?' I'm sorry, but I don't know that, either."

    From Dive Into Mark [diveintomark.org] (which doesn't seem to be responding, so try Google's cache [72.14.209.104].)

  • From their Website (Score:3, Informative)

    by librarygeek ( 126538 ) on Wednesday May 17, 2006 @09:26AM (#15350593)


    Blue Security Ceases Anti-Spam Operations

    When we founded Blue Security in 2004, we believed that if we automated a way for users to rise up and exercise their rights under the CAN-SPAM Act, we could reduce the amount of spam on the Internet.

    Over the past few months we were able to leverage the power of the Blue Community and convince top spammers responsible for sending over 25% of the world's spam to comply with our users' opt-out list. We were making real progress in eliminating spam from the lives of our users.

    However, several leading spammers viewed this change as a strategic threat to their spam business. The week before last, these spammers launched a series of attacks against us, taking down hundreds of thousands of other websites via a massive Denial-of-Service attack and causing damage to ISPs, website owners and Internet users worldwide. They also began a relentless campaign of email intimidation against many members of the Blue Community.

    After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.

    As we cannot build the Blue Security business on the foundation we originally envisioned, we are discontinuing all of our anti-spam activities on your behalf and are exploring other, non spam-related avenues for our technological developments. As much as it saddens us, we believe this is the responsible thing to do.

    You need not do anything as a result of this change. We will continue to protect your names and addresses and honor all privacy commitments we made to you.

    We have concluded we should not take Blue Security to the full deployment stage we originally planned to achieve, but we are proud of what we have accomplished thus far as a young startup company.

    We are extremely proud to have had the chance to work with such a devoted and dedicated community: thank you for the vote of confidence you gave us over the past few months as well as the particularly vocal support you have shown over the last two weeks.

    We will be innovating and building our technology in new, other directions and will continue to give back to you, our Community.

                Thank you for your support,

                            The Blue Security Team.
  • I've been itching to sign up since I heard of this here, but first it was no confirmation email, then the members site went for a whole week with a "we're reorganizing it" message. I was wondering what kind of moron they have as an admin.

    This is extremely disappointing, I must say. Now that they finally got a noticeable success, world wide recognition and made lots of spammers squirm and wonder what will they do, they go and give up? Sheesh.

    But ah well. The client was Open Source, wasn't it? So, who will pi
  • I'm probably wrong here, but I thought this would be the perfect application of P2P functionality. No matter how much someone tries to poison P2P shared files, they can never poison them all. When the whitelist/blacklist updates are shared out as signed, and user rankings can be compared, all should work. There is no central server, and if you can see that the file you have downloaded comes from a user with excellent karma, then it can be trusted. Sure, even that will have ups and downs, but there is no way
  • by smartin ( 942 ) on Wednesday May 17, 2006 @09:31AM (#15350643)
    It seems that the problem here is that they were brought down by the spammer's huge number of bots running on compromised machines. Why has no one tackled this problem? It seems to me that this should be the responsibility of the ISP's. I'm no expert but I believe that if someone reports to an ISP that a particlular IP address is running a bot, that it should be a simple process for the ISP to do some tests to see if that is true by checking the nature of the traffic coming out of the machine. If they decide that the machine has been compromised, they should shut down it's connection and redirect port 80 requests to a web page explaining to the owner that their machine has be compromised and how to fix it.

    This does not seem to me to be a difficult technical problem and it is in everyone's interest to get the compromised machines off the net.
    • by Gr33nNight ( 679837 ) on Wednesday May 17, 2006 @09:47AM (#15350793)
      I am an admin on a low user irc server. We have been attacked by spam bots on a number of occasions. Our global ban list is at 50,000+ ip addresses. How are we suppose to track down each ISP? They are virus infested machines all over the world.
    • by Pfhor ( 40220 ) on Wednesday May 17, 2006 @09:49AM (#15350813) Homepage
      I made my university start the exact same policy. Shut down ports of the machines which were infected with klez. The problem was that students would just think their port was broken and plug into their roommates, etc. Obviously the school should have moved their MAC address into an infected pool and given them their own subnet with a webpage telling them that their machine was infected and to call tech support. But considering the somewhat large resources of people needed to get the machines back online (go and scrub the machine, most people were afraid to even touch them, and klez was a pain to remove). Not to mention the fact that people view their machines as appliances, not something needed to be maintained.

      ISPs are using the blocking of outgoing smtp traffic on port 25 for this very reason. But to really shut down this problem the ISP would also have to be able to provide technical support to remove the virus, or atleast something of that nature. Let alone the customer won't even think their computer is infected (how could it be, i don't download anything!!?) and the flurry of angry phone calls would ensue.

      We had users at my campus that had blocked ports for a month before we were able to get in touch with them, they just thought their computer was broken. Or we get a phone call from an angry parent whose little suzy or billy can't send them email and update their facebook.

      The idea is possible, but it is a nightmare in reality to have to support.
      • by adamfranco ( 600246 ) <(moc.ocnarfmada) (ta) (mada)> on Wednesday May 17, 2006 @10:55AM (#15351463) Homepage
        Check out Privateye [sourceforge.net].

        Privateye is a tool that our network security admin here at Middlebury College, Mike Halsall, wrote to automatically quarentine computers into a VLAN (that stays with their mac address) that only has access to a help page, anti-virus tools, and windows update.

        Due to the use of this and campus manager (I believe it's the software that actually manages the VLANs, could be wrong), viruses have gone from taking down the campus network several times a year, to being a non-issue. From the project page:


        Privateye came into being to satisfy the tedious task of corrolating event data being gathered from disparate security sensors (Snort, HoneyNet, IPS) and automatically take action on the sources generating the alerts.

        Example 1: You have an Intrusion Prevention System (IPS) that is dumping its alerts to a log file. Privateye is reading in this log file, in real time, and watching which alerts are being thrown by which IP addresses. Now, let's also say you have a user registration system, allowing each user's name to be associated wit h their current IP address. One of your users gets a virus that starts doing Bad Things; this virus starts scanning for open shares on your network (which, in and of itself, doesn't necessarily mean something is amiss) AND connects to an IRC server out on the Internet. Privateye's configuration (all done through one powerful configuration file) has a trigger that specifies, "if I see one of 'my users' perform 50 NetBIOS scans in 60 seconds AND connect to an IRC server, I'll run an external script to do something to that user." That "do something" could be shutting down the switch port the computer is connected to, flipping it into a quarantine VLAN, or just sending the user an email letting them know their machine probably has a virus.

        Example 2: You have a Snort box that alerts on SSH connections from the Internet to some of your internal hosts. You know that SSH brute-force attacks are prevalent, as every day your logs show thousands of login attempts from many machines on the Net. You configure Privateye such that if any external host (to your network) attempts more than 5 SSH logins in a minute, Privateye will run an external action that blocks the offending host from accessing your network for 2 hours at your firewall. If, when the 2 hours is up, they return, they'll then be blocked from accessing your network for 4 hours. Wash, rinse, repeat.


        - Adam
    • Right (Score:3, Insightful)

      You are an ISP that means you business getting people to pay you to let them on the internet. Now try to do this. Block people from the internet if they are not running proper software. How many seconds do you think it will be before people switch to a provider that doesn't block bots. Because people don't care they are infected they just want to be hassle free. Until their computer blows up they don't want to know that their machine is a bot.

      Anymore then people want to know their 3 ton car is causing glob

    • by dubl-u ( 51156 ) * <<ot.atop> <ta> <2107893252>> on Wednesday May 17, 2006 @10:38AM (#15351300)
      Why has no one tackled this problem?

      Because its in nobody's financial interest. A zombie computer causes most of its harm to other networks, not the one its on.

      Most of the ISPs are now large telcos and cable companies who hire support staff at would-you-like-fries-with-that wages. They don't have the capacity or the incentive to disinfect a zillion Windows boxes. It's much cheaper to buy a bigger pipe.

      Of course, Microsoft owns the root problem. They sold a supposedly consumer-grade operating system that consumers can't maintain. Windows needs a dialog box that says, "You computer has been invaded by evil fuckwads. Would you like to kick them out?" where the two choices are "Yes" and "Ok".
  • ...they could do what other large companies do. They get the senate and congress to talk to their buddies overseas to pressure THEM to curtail their illegal activities and such. This tactic worked wonders for Enron when they were trying to get their power set up in other countries in spite of resistance from local governments. (They just got the U.S. Goverment to throw a little weight around, threatening to cut off any aid.)
  • Scary thought (Score:4, Interesting)

    by dtsazza ( 956120 ) on Wednesday May 17, 2006 @09:33AM (#15350657)
    This really drives home how important it is for Average-Joe users to have decent security. Time was, if you got infected with a virus you'd get your hard drives wiped and have to reboot your machine. Then, viruses stole information instead. Nowadays, it seems like anyone with the inclination to do so can set up their own botnet using relatively simple tools.

    And of course, if you're in the business of breaking the law online (or rather just being generally anti-social) it's simply prudent to gather an army of computers, and then use that power to make others give into your demands. The actions of one hacker and his botnet caused an entire company to shut down operation - that's scary.

    And scarier still is that the thousands of people whose computers were hammering away at the server, contributing to the victory of evil over good, are unaware of the part their machines played, and will doubtless play again.

    This really is the computing equivalent of creating massive private armies with a mind-control drug - and while the email system really needs an overhaul, while the possibility to harness this kind of power exists there'll be the opportunity for extortion on this scale.
  • You mess with their illegal profits - they'll mess you up. It's as plain and simple as that. They're not even hiding it anymore.

    Let's just hope they'll start receiving the treatement that their real-world counterparts have recieved. In our lifetime.

  • by spge ( 783687 ) on Wednesday May 17, 2006 @09:38AM (#15350715) Homepage

    I find it very hard to believe that it is this straight-forward for one individual to potentially bring down the entire internet infrastructure. The Register reported on this story and said, "Anti-spam firm Blue Security is to cease trading after deciding its escalating conflict with a renegade spammer was placing the internet as a whole in jeopardy." It went on to say, "During an ICQ conversation, PharmaMaster told Blue Security that if he can't send spam, there will be no internet."

    I suppose the most concerning part of this story is the bit where bribery appears to persuades a top ISP to make some dodgy configs:

    "According to Blue Security, a renegade Russian language speaking spammer known as PharmaMaster succeeded in bribing a top-tier ISP's staff member into black holing Blue Security's former IP address (194.90.8.20) at internet backbone routers. This rendered Blue's main website inaccessible outside Israel."

    This story smells a bit.

  • by netruner ( 588721 ) on Wednesday May 17, 2006 @09:44AM (#15350766)
    The bad guys won this time because we tried to match force with force. I've said it multiple times in this forum - we have to accept that spam isn't going to go away. The only way we're going to get it down to an acceptable level is to make it not worth doing.

    Filtering is one way, but basing it on the raw content of the email won't work. If there was a public key repository where legitimate users placed a public key for decryption, and all legitmate email were sent encrypted with the corresponding private key, the authenticity of the email could be known. Then, if someone starts making a nuisance of themselves, they could get their public key revoked. If this method were used, filters could be made to only let through emails that decrypted with the public key of the sender.

    Let's face it, spam is a fact of life. Remember that you're up against people who do this as their 9-5er with no regard for law, ethics or their public image if you want to go the force-vs-force route.
  • by leonbev ( 111395 ) on Wednesday May 17, 2006 @09:50AM (#15350823) Journal
    Sad to say, but the BlueFrog anti-spam client never really worked correctly. I tried it for two weeks, and found that often failed to successfully report any spam at all about 1/3rd of the time. Even when it did work, it never seemed cut down on my spam at all. If anything, the amount of spam that I'm getting now has doubled, since some spammers seem to be intentionally retaliating against me and sending me a dozen copies of same spam mail over and over again. I went from getting 50 spam messages to 100 spams a day, and I did nothing to promote my e-mail addresses during that time besides installing BlueFrog. Thanks for nothing, guys.
  • by linvir ( 970218 ) on Wednesday May 17, 2006 @09:52AM (#15350832)
    The king spammers are too powerful. If it's vigilante action you're after, it seems that the right people to attack are their customers. Bluesecurity would have done better if they'd sent the opt-out requests to the companies being advertised.
    This person has received a promotional email advertising your product, and is not interested in it. They have authorised us to advise you of this on their behalf. Please inform your advertising provider of this and ask them to remove this user from their list.

    And underground, it'd be also be helpful to DDoS the fuckers. The problem with that is that the dickhead 13 year old kids running the botnets don't care about spam.

  • by Opportunist ( 166417 ) on Wednesday May 17, 2006 @10:00AM (#15350915)
    You can't fight spam at the originating point. More often than not it's sent through hijacked PCs. Hitting them won't help anyone.

    So you have to hit the site that's been advertised by the spam. P2P has been mentioned as the "way to go" to avoid a similar fate. And the dangers of "seed poisoning". This can be circumvented. Have the clients "read" the spam folder of the participating person. Have them exchange their spam folders. Have them count the messages received. And once a critical amount of similar or identical messages have been identified, have them hold a vote who's going to get it for the next, say, 8 hours.

    This all can be done without the participation of a host.

    Now, of course someone could send around some spam to, say, shoot at Microsoft. How to prevent that?

    Well, spam needs some time to propagate. This time can be used to update some whitelist. This whitelist, again, would have to be administered decentralized. I.e. you declare something "not spam". If enough people call spam "no spam", the attack won't happen. At the same time, run a blacklist that lets you identify something "clearly as spam", which puts more weight behind the counter.

    If something has circulated for 2 days or more and is still labeled "Spam", the flood rolls in. Yes, I'm aware that quite a few spam-ad'ed servers are hijacked too. That's why the attack should not run for more than about 2 hours. Should give the admin there a good heads-up, to say the least, and take a look at his setup. Should he not wise up, the next one runs for 4, then 8, 16, 24 hours and so on.

    Still needs some fleshing out, but I guess that'd be a way to run it.
  • by portwojc ( 201398 ) on Wednesday May 17, 2006 @10:05AM (#15350959) Homepage
    "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing."

    You started the fight and you expected them to buckle but you forgot one thing. They don't care if what they do is illegal. You do.

    They will keep sending their junk and if you think they will ever stop you are naive. You can't stop them from doing it. You have to accept that first and then come up with a method that will just make it harder for them to get their junk out.
  • by linvir ( 970218 ) on Wednesday May 17, 2006 @10:13AM (#15351024)
    It's exactly what I signed up for. Maybe they got the majority of their users before the DDoS, but I only signed up once it turned ugly, and a lot of people here would say the same.

    This really demonstrates the need for a distributed version. Not only is the centralised architecture easy to attack, as we saw with BS vs PM, but also it's at the mercy of its operators. A living breathing antispam system was in place, with many willing users, but had to be shut down because the tiny head at the top of the body wanted out. If it was less monolithic, head shots wouldn't even exist.

    Tie that in with my other idea [slashdot.org], and maybe there's a good method in there somewhere.

  • Bastards! They deleted the source files! They could at least give the source code for us to share.

    Anyway, this clearly gives us one choice: Decentralizing Blue Frog.

    The concept has been proven. Flooding the servers with opt-out requests.

    So I propose this: Make a decentralized "black frog" which directly analyses the e-mails and begins doing what Blue Frog did. But this time, it's per-user.

    If anyone wants to start the Black Frog project, give me a message (my gmail address is posted in my account).

    The concept is this. Instead of asking the spammers to download the "do not intrude" list, hash your own mails using the following formula:

    hash = substr(SHA1(e-mail),32). And in the post tell the spammer to remove this hash from their mailing list. (We can include random hashes to make it blurry).

    If anyone wants to start the project, I'd be happy to organize it.

    We need:

    * At least one person with access to the Blue Frog sourcecode, or someone who has helped in programming the Blue Frog
    * Lots of programmers
  • by Idaho ( 12907 ) on Wednesday May 17, 2006 @10:17AM (#15351076)
    "Our users never signed up for this kind of thing. You have to wonder where it goes from here. It seems an effective method has been found but more than a small private company could handle. Will someone else adapt this concept, or does the internet world give up?"

    What kind of thing? What kind of effective method has been found to do, what exactly? What is "this" concept we are talking about?

    I read this site (almost) daily but have never ever heard of this company before. As it is apparently some kind of small startup, I'd imagine many others around here have never heard of them, either.

    Without any context, this "article" is pure gibberish. Maybe it makes sense after reading the linked article (which, I'll admit in good /. style, I haven't *yet* done), but can we please at least try to make somewhat clear what an article is about, so that everyone can decide for himself whether this subject is of interest to them in the first place?

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...