Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Blue Security Gives up the Fight

CmdrTaco posted more than 8 years ago | from the eggs-bacon-sausage-and-splat dept.

672

bblboy54 writes "According to The Washington Post, Blue Security has closed its doors, which can be confirmed by the Blue Security application failing to work today and their domain no longer resolving. Blue Security's CEO is quoted in the article: "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing." You have to wonder where it goes from here. It seems an effective method has been found but more than a small private company could handle. Will someone else adapt this concept, or does the internet world give up?"

Sorry! There are no comments related to the filter you selected.

Third Choice? (1, Offtopic)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15350493)

Will someone else adapt this concept, or does the internet world give up?

How about a third choice - will the internet world try a different method that doesn't involve vigilantism? (and the inevitable chaos that follows a war)

Slightly Offtopic: My email (whineymacfanboy@gmail.com) is in clear text on /. (not hiding behind childish obfuscation), yet I only get one Spam per week that actually makes it into my inbox! I know the flip side of the spam problem is bandwidth wastage, but anyone who's still getting spam in their inbox should install some nice filtering software.

Completely Offtopic: Has anyone else noticed the "Compare prices on YRO Products" [slashdot.org] link in the "Related links" sidebar? WTF is a YRO product?

Re:Third Choice? (2, Funny)

benjjj (949782) | more than 8 years ago | (#15350520)

I'm not a whiney mac fanboy, and even I get very very little spam. It's just not a day-to-day nuisance for me.

Sigh! Or why spam is unacceptable (5, Insightful)

CaptainZapp (182233) | more than 8 years ago | (#15350600)

I'm not a whiney mac fanboy, and even I get very very little spam. It's just not a day-to-day nuisance for me.

Fine, I'm happy for you. You obviously don't own an active domain, or a business. Because otherwise I could guarantee that it gets to be a problem for you.

But the problem is not you, it's not me, it's not my little kid sisters dog.

The problem is that a couple of hundred big time spammers are getting rich by shitting into the communal water supply!

If you think that's acceptable within a society then you will apologise that I have no respect for you and the likes of you.

Re:Third Choice? (5, Insightful)

Salty Moran (974208) | more than 8 years ago | (#15350522)

It's hard not to fall to vigilantism when there's no sherriff in town to keep the peace on your behalf...

Re:Third Choice? (2, Insightful)

fistfullast33l (819270) | more than 8 years ago | (#15350546)

I noticed that your user page doesn't have any submitted stories that made the front page. I also comment fairly regularly and have had three submissions accepted. After my first one, I started receiving 20-30 phishing emails a day in my gmail inbox, and about 5 legitimate emails. That's why I've stopped posting any kind of email whatsoever to this site. As it is, my URL currently goes nowhere as well because shortly after I started using that instead I got hit with comment spam and lacking the time to install a solution like captcha images, I decided to just take the server down instead. This is for a site that got at most 20 people a day who were mostly my friends. We need some kind of international solution to stop these people and the harm they're doing.

Re:Third Choice? (5, Funny)

Headw1nd (829599) | more than 8 years ago | (#15350562)

Evidently your comments are modded so far down not even the spiders bother to read them.

Re:Third Choice? (0)

Anonymous Coward | more than 8 years ago | (#15350594)

That's even funnier if you imagine real spiders reading Slashdot.

Re:Third Choice? (1)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15350800)

That is the funniest comment I have ever read on /.

Re:Third Choice? (5, Informative)

grub (11606) | more than 8 years ago | (#15350586)


but anyone who's still getting spam in their inbox should install some nice filtering software.

That's not the point. If you run your own mail server or rely on filtering at your client end the spam uses up your bandwidth, your storage, your CPU resources to filter it, etc. Spammers like to use zombie machines around the net. Their operations cost them very little as they steal the capability from everyone else.

Re:Third Choice? (1)

Potor (658520) | more than 8 years ago | (#15350629)

good points.

Re:Third Choice? (0)

Potor (658520) | more than 8 years ago | (#15350609)

agreed. between gmail (personal) and thunderbird (work), almost no spam reaches my inbox. like you, i average less than one a week on gmail, and a similar amount on thunderbird.

i receive an ungodly amount of spam that goes directly to my junk folders (my work address is on many webpages, for instance), so i am very impressed with gmail and thunderbird.

a few years ago i needed to send emails to nigeria on a daily basis. you should have seen my spam count then!

Re:Third Choice? (2, Funny)

Sans_A_Cause (446229) | more than 8 years ago | (#15350691)

"a few years ago i needed to send emails to nigeria on a daily basis. you should have seen my spam count then!"

Yeah, yeah...but how much money did you make?

Re:Third Choice? (1)

Potor (658520) | more than 8 years ago | (#15350811)

i actually received the nigeria 419 scam as a fax in or about 1997. i had no idea what to make of it.

Re:Third Choice? (0)

Anonymous Coward | more than 8 years ago | (#15350713)

I wish I was as lucky as you. My Gmail account gets 2,000+ spam e-mails a month. The filter catches most, but still not all, and theres nothing I can do about that crap.

Re:Third Choice? (5, Insightful)

Tim C (15259) | more than 8 years ago | (#15350675)

I know the flip side of the spam problem is bandwidth wastage, but anyone who's still getting spam in their inbox should install some nice filtering software.

I have a catch-all email address set up on my domain - so $anything@$mydomain gets to me.

For years, I used to get a very small amount of spam to addresses like info@, sales@, etc, and a throwaway account I used on a website that I never used for any real mails.

Then, a few months ago, some scum-sucking shit-brained low-life motherfucker* decided to use my domain name in forged From: addresses.

(* But I'm not bitter)

I now receive on the order of a thousand spams, bounces and assorted related crap per day. Now, of these, only a tiny handful make it to my inbox, and they're all easy to spot. I've not done the stats, but I'd image that Thunderbird's filtering is 99% accurate or better.

It's still a pain in the arse though, and it's still utterly unacceptable behaviour on the part of the morons responsible.

I don't necessarily think that vigilantism is the answer, but something has to be done.

(Yes, I could switch off the catch-all addressing, but I actually find it useful, inconsiderate wankers trying to ruin the entire net for everyone not withstanding)

Re:Third Choice? (1)

kisrael (134664) | more than 8 years ago | (#15350747)

I'm in the same boat. Fuckers. I can't believe there's not a clear path legal recourse for this kind of impersonation...

Re:Third Choice? (1)

BenjyD (316700) | more than 8 years ago | (#15350791)

I have a well-trained spamassassin setup and all the Postfix UCE controls on (require resolvable FQDN, reject from relays.ordb.org etc.) Yet I still get 20 spam in my inbox/day, plus constant Helo command rejected: Host not found on the server.

The problem is it relies on a central server. (5, Insightful)

Ant P. (974313) | more than 8 years ago | (#15350502)

Anyone want to state the obvious answer?

Re:The problem is it relies on a central server. (4, Insightful)

fak3r (917687) | more than 8 years ago | (#15350529)

Exactly, this is why Napster was brought down. They need a different client-server setup, me thinks a bittorrent/Onion Router style network would do the trick here, and with the start that BS has provided, I can't see it as being impossible to make this into an effective defensive/offensive tool.

Take a page from SETI (5, Interesting)

fistfullast33l (819270) | more than 8 years ago | (#15350596)

What about a solution like the SETI project? A nice graphical screensaver that uses spare processor cycles to send email spam to known spammers. It could even display something funny like a graph showing how much harassment you're causing.

However, I don't think any kind of attack spam with spam solution is worth it. We need to either redesign the protocol, marginalize the spammers, or make it very illegal and put them in jail. Sure, you might argue that direct marketing through email really isn't illegal (junk snail mail sure isn't), but I think if you don't respect the don't spam lists and requests to stop, or even go so far as to launch a DOS attack as TFA describes, then you definitely belong behind bars or without access to a computer.

Re:Take a page from SETI (4, Insightful)

Daniel Dvorkin (106857) | more than 8 years ago | (#15350685)

At this point I'm convinced that the only solution is a worldwide series of gory murders of spam kings with "death to spammers" written on the walls at the crime scenes in the spammers' blood.

Re:Take a page from SETI (0)

Anonymous Coward | more than 8 years ago | (#15350736)

I'm doing my bit; I just posted a picture of a spammer's house on a forum I frequent. I decided to go easy on him this once; I didn't post his mobile phone number, but I could have. The stupid spammers leave far too much personally identifying information lying about for anybody to find.

This works ... 100% effective in killing off spam (3, Interesting)

tomhudson (43916) | more than 8 years ago | (#15350770)

At this point I'm convinced that the only solution is a worldwide series of gory murders of spam kings with "death to spammers" written on the walls at the crime scenes in the spammers' blood.
Someone beat you to it ... As described here [mosnews.com] or here [theregister.co.uk] .

Be pretty hard to get a murder conviction ... after all, there are literally MILLIONS of people with a motive ... I can picture it now ... the jury is deliberating, and says "the spammer got his skull crushed in ... sounds like he got off too lightly, dah?"

Re:Take a page from SETI (5, Funny)

Kadin2048 (468275) | more than 8 years ago | (#15350785)

If there was an anonymous, untraceable way to send money to someone who would use it to kill spammers, I'd probably contribute.

Seriously, it's that annoying.

Maybe Sealand wants to start a Special Forces unit or something.

Re:Take a page from SETI (3, Informative)

GoRK (10018) | more than 8 years ago | (#15350695)

You mean like the screensaver from Lycos that died a horrible death too?

P2P perhaps? (3, Interesting)

Nursie (632944) | more than 8 years ago | (#15350544)

Was about to post the same thing. Make a distributed app, receive spam, post "unsubscribe" link to app, (assuming this is how blue worked) instant mass traffic for spammer. The problem here is that if you don't have a central authority controlling what gets hit the someone will sooner or later abuse the P2P DDoS machine that you've effectively just created.

Re:P2P perhaps? (2, Funny)

Anonymous Coward | more than 8 years ago | (#15350732)

"Don't be too proud of this P2P terror you've constructed. The ability to destroy a spammer is insignificant next to the DDOS of the Internet."

Re:The problem is it relies on a central server. (5, Informative)

Dan Ost (415913) | more than 8 years ago | (#15350572)

The problem would be how to make a distributed system that can't be poisoned or decieved by
an attacker.

One of the nice attributes of having a central server is that BlueSecurity could validate
that the site was a legitimate target before unleashing the flurry of opt-out requests.

Re:The problem is it relies on a central server. (3, Insightful)

boldtbanan (905468) | more than 8 years ago | (#15350709)

One of the nice attributes of having a central server is that BlueSecurity could validate that the site was a legitimate target before unleashing the flurry of opt-out requests.
Which brings us right back to a centralized server in the first place. As long as everything has to pass through a single choke point (or even a small number of them), they are susceptible to the same DDOS attack. If there is no authoritative verification, you essentially just created a P2P DDOS system that the spammers/organized crime/anybody can (and will) readily abuse. Therin lies the rub.

Re:The problem is it relies on a central server. (1, Interesting)

Surt (22457) | more than 8 years ago | (#15350660)

Just convince everyone to run tarproxies already, or get it integrated into the standard build of sendmail? Since you're obviously hinting at going wide distribution, why not go wide distribution with a tool that has a strong research, development, and testing history behind it.

When the going gets tough... (4, Insightful)

fak3r (917687) | more than 8 years ago | (#15350506)

Hey, wait a minute, I've followed Blue Security since I first read about them on /., and I can't believe they're just gonna fold up shop and give up! Isn't this what they got into the business for? Can't they take this attack and use it to demonstrate the validity of their concept? I wish they could think up another tactic besides, 'you win' -- perhaps diversifiying their URLs/IPs so that they're more spread out...less vuln to an attack on one IP? Come on, what do readers think...I know there's got to be some way to use BS software and reroute things through an Onion style network to fight back.

Re:When the going gets tough... (1)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15350538)

I know there's got to be some way to use BS software and reroute things through an Onion style network to fight back.

I think you don't realize just how big the attack on Blue Security was (or the sort of resources the spammers control).

There's probably less then one hundred companies who could've withstood that sort of ddosing. Blue Security wasn't one of them.

Re:When the going gets tough... (1)

tha_mink (518151) | more than 8 years ago | (#15350566)

There's probably less then one hundred companies who could've withstood that sort of ddosing. Blue Security wasn't one of them.

Neither was Tucow.

Re:When the going gets tough... (1)

networkBoy (774728) | more than 8 years ago | (#15350676)

specifically I think there are less than 20 companies world wide that could handle the attack, most of the others would have their link saturated, even if the servers did survive.
-nB

Re:When the going gets tough... (1)

plague3106 (71849) | more than 8 years ago | (#15350571)

The attack was probably large, but then why wouldn't they seek out help from law enforcement?

The app sending an opt out email on behalf of the user is not illegal; DDOSing a site is.

Re:When the going gets tough... (1)

10Ghz (453478) | more than 8 years ago | (#15350731)

"The attack was probably large, but then why wouldn't they seek out help from law enforcement?"

That would basically mean asking assistance from RUSSIAN law-enforcement, since the spammers were Russian. Call me prjudiced, but I have very little faith in 'em.

Re:When the going gets tough... (4, Insightful)

Billosaur (927319) | more than 8 years ago | (#15350782)

The attack was probably large, but then why wouldn't they seek out help from law enforcement?

Because these "spam kings" (ok, let's find a new, more acceptable phrase, like "spam dorks") tend to hide out in countries that either have a) no formalized relations with the US or other countries or b) countries that might be allies but will not let us simply go tromping through their country on the hunt for spammers.

They hide in the shadows, collect money from the stupid and unwary, and then go after anyone who tries to stop them. If you think DDoS attacke are their only weapon, think again. It really is going to take a campaign of Internet espionage followed by vigilantism to get at most of these people. I can see it now... Merc for Hire -- specializing in SPAM and the removal of the source with extreme prejudice!

Re:When the going gets tough... (5, Interesting)

bbernard (930130) | more than 8 years ago | (#15350604)

I'd agree with the parent comments but for one issue. The company's clients were directly threatened. The spammers didn't just threaten Blue Security, they threatened Blue Security's customers. As the article stated, Blue Security's customers didn't sign up for a war. They signed up to not get spam. Getting bombarded by viral attacks wasn't part of the deal.

That said, I too am disappointed, but until effective means of finding and holding accountable the people behind the attacks this kind of extortion will continue.

Welcome to the wild-west. Where's Sherrif Bart and the Waco Kid when you need them?

Re:When the going gets tough... (-1)

T3kno (51315) | more than 8 years ago | (#15350653)

Blue Security should switch their users over to a "alternative" operating system :)

BS: Ohh so you're gonna send viruses? Flame on!!!!
SPAM: DA!!!! Heresky Comesky Virusky

BS: Cha! That's all you got bitch
SPAM: Whatsky The Fucksky?!?!?!?

BS, along with 99% of the FOSS community lauch counter attack on Mother Russian Spammers.

Step 3: Profit

Re:When the going gets tough... (3, Interesting)

MrDoh1 (906953) | more than 8 years ago | (#15350671)

It's a sad day indeed.
However, if they close up shop this easy, were they the right ones to be leading this fight?
I also just love how I had to hear about this on /. Nothing like keeping your community informed of what's going on.
The worst part is they probably picked up 50,000 or more subscribers over the period of the DDOS. It was actually much better advertising than they could have ever bought. Heck, it got me to join!

Re:When the going gets tough... (2, Interesting)

Stellian (673475) | more than 8 years ago | (#15350726)

Come on, what do readers think...I know there's got to be some way to use BS software and reroute things through an Onion style network to fight back.

The fact that Blue Security has failed does not surprise me. They were a business, and this kind of vigilante justice cannot be made profitable.
What we need is to implement an open source p2p DOS network. Everybody can submit a link that they found in SPAM mail, with their DOS client. This way, the more a site is spamvertised, the more it is DOS-ed.
Of course, the amount of DOS the site gets should be comparable with the bandwidth needed to send the spams, so there are no abuses of the system. Just send their crap back to the sites they run.

Re:When the going gets tough... (0)

Anonymous Coward | more than 8 years ago | (#15350768)

Why not use a trackerless Torrent system? Then there is no single ip to DDOS

They should have listened (5, Insightful)

CaptainZapp (182233) | more than 8 years ago | (#15350511)

From the FA:

"When the company's founders first approached the broader anti-spam community and asked them what they thought of the idea, everyone said this was a terrible idea and that they would eventually cause a lot of collateral damage," Underwood said. "But it's also extremely unfortunate, because it shows how much the spammers are winning this battle."

Hell, the idea of flooding the spammers network is older then a reasonably aged Armagnac and was discounted even when it came up.

Building a business model on such an innane idea looks as if the company execs are a few fries short of a happy meal. Speceifically since they where warned by more experienced people.

We are ALL "owned" (5, Insightful)

TFGeditor (737839) | more than 8 years ago | (#15350513)

This episode proves that the spammers own and control the internet.

The internet is no longer free (not as in beer). We must pay obesience to the owners by allowing their spam in out inboxes.

I, for one, do NOT welcome our spam-spewing overlords.

Re:We are ALL "owned" (0, Insightful)

Anonymous Coward | more than 8 years ago | (#15350754)

We don't have to do anything of the sort. What we should be doing is redesigning the SMTP protocol so spamming becomes either too cost-prohibitive or downright technically impossible. If we took the billions of dollars a year we pour into fighting spam with blocklists, heuristics, and the ever popular "just delete it from your inbox when you get it" and a) got our legislators to actually REALLY ban spam, and b) redesigned the protocol to provide technological countermeasures against the possibility of spam, we'd have licked this problem years ago. Spam is just as bad as child pornography or rape and should be combatted with as many or more resources than these disgusting crimes.

Too bad. (5, Interesting)

grub (11606) | more than 8 years ago | (#15350514)


I'm a recent new Blue member. Spam to my work, gmail and home accounts has plummetted thanks to Blue Frog. And to whiners who moan about "vigilantism", blow me. Fight fire with fire.

Re:Too bad. (1)

the_humeister (922869) | more than 8 years ago | (#15350617)

I never really understood the term "fight fire with fire." A more effective way to fight fire is with water or foam. So perhaps a better idea would have been not to spam the spammers.

Re:Too bad. (1)

grub (11606) | more than 8 years ago | (#15350664)


I like this sort of tactic. I ran the MakeLoveNotSpam client at home when that project was up, I run OpenBSD's spamd which ties up spammer resources for hours in some cases, and I liked BlueSecurity's idea. If everyone actively fought against the spammers rather than being docile asswipes hiding behind their ISP's spam filters then the net would probably be a nicer place.

Re:Too bad. (1)

belg4mit (152620) | more than 8 years ago | (#15350752)

Nope, sometimes you don't have enough water so you burn a fire break.
Of course, the term is usually used to mean fight dirty fighting by fighting dirty.

Re:Too bad. (1)

kfg (145172) | more than 8 years ago | (#15350771)

Fight fire with fire.

An effective way to organize a weenie roast. A rather poor way to organize a village to hold a weenie roast in.

Fight back? Damn straight, but forgive me if I would prefer a method that doesn't leave me standing in the smoldering ruins of my home smuggly saying, "I won."

Or, in this case, "I Lost."

Well, that's ok. Failure is the most valuable tool you own, if you pay attention and learn from it. It doesn't look, at the moment, as if you have absorbed the lesson as of yet.

Perhaps you are not familiar with the working definition of insanity? Applying it is not good engineering, computer or social.

KFG

Ugh. (2, Funny)

Anonymous Coward | more than 8 years ago | (#15350526)

According to The Washington Post, Blue Security has closed it is door which

http://www.stormloader.com/garyes/its/#top [stormloader.com]

It's not that hard.

Re:Ugh. (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15350599)

No, jackass, it's its' because it's possessive.

Post a useless comment, get a useless comment.

Re:Ugh. (0)

Anonymous Coward | more than 8 years ago | (#15350689)

I really hope you were joking...for your sake.

Re:Ugh. (1)

Ulven (679148) | more than 8 years ago | (#15350761)

But in case he wasn't:

it's = it is

its = belongs to it

its' = made up nonsense

Re:Ugh. (0)

Anonymous Coward | more than 8 years ago | (#15350759)

You're grammer rules are to lose too follow, so they're summary is correct.

Or... (1)

Poromenos1 (830658) | more than 8 years ago | (#15350796)

This [poromenos.org] works as well.

Official Press Release: (1)

necrodeep (96704) | more than 8 years ago | (#15350527)

http://www.bluesecurity.com/ [bluesecurity.com] - which seems to be up or down at any given moment.... still under attack?

Re:Official Press Release: (1)

coaxeus (911103) | more than 8 years ago | (#15350640)

DNS attack perhaps. If your in windoze open your hosts file with notepad c:\WINDOWS\system32\drivers\etc\hosts
add one of these lines:
72.52.8.7 www.bluesecurity.com
72.52.9.7 www.bluesecurity.com

official statement (2, Interesting)

coaxeus (911103) | more than 8 years ago | (#15350539)

I'll wait to see an official satement from them. Considering they are offline right now, likely due to another DoS, and the spammers have spent the last 2 weeks doing joejob attacks and all sorts of e-mails supposedly from bluesecurity... it doesn't seem too unlikely to me that the spammers could convince the media of something.

Learn to spell "its", moron. (0)

Anonymous Coward | more than 8 years ago | (#15350547)

Spelling matters.

Blue Security vs. Spam (1)

50m31sl4sh. (854939) | more than 8 years ago | (#15350549)

Spam wins [google.com]

Sad, but true: you cannot defeat the spammers using their own methods.

Not proven yet (1)

Weaselmancer (533834) | more than 8 years ago | (#15350690)

you cannot defeat the spammers using their own methods.

At the current level of effort. Escalation may be the key. I'll mirror an earlier poster about decentralization. Maybe more servers, or a whole P2P type network bombing these bastards would be more effective.

BTW, like your sig. =)

Agreed. (1)

nathan s (719490) | more than 8 years ago | (#15350783)

When I read the article, I was struck by the fact that they're trying to use voluntary DOS attacks against spammers. I've NEVER heard of this company before, and I imagine Joe Average User hasn't either. I'm willing to bet that there are a lot more Joe Average Users out there with compromised systems on a botnet than there are people participating in the Blue Security net - probably by a couple factors of 10. Besides, do we really need another million computers wasting bandwidth on such an obviously failure-destined approach to spam-fighting? It just seems lose-lose all around to me.

wow (1, Insightful)

trybywrench (584843) | more than 8 years ago | (#15350557)

Wow so the bad guys won? This isn't the way it's suppose to happen. wtf

authority? (4, Funny)

gEvil (beta) (945888) | more than 8 years ago | (#15350576)

It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start

Funny, not having the authority to do it didn't stop them before...

Although it wasn't that clear ... (1)

Sonic McTails (700139) | more than 8 years ago | (#15350579)

The Blue Frog client was open source. It shouldn't that hard to modify it so that anyone could install a module onto their web/mail server so Blue Frog can send emails, and have the entire system run decentralized. I.E. I run two mail servers with a Blue Frog module on it, and I publish those servers for public use by the BlueFrog client. System administrators can check sites and domains to send spam reports to and control it. I'd love to see the spammers take down a decentralized since it would be nearly impossible to shut down every node in a decenteralized system.

Dive Into Mark said it best... (5, Interesting)

Saint Aardvark (159009) | more than 8 years ago | (#15350580)

If you want to be an anti-spam advocate, if you want to write software or maintain a list or provide a service that identifies spam or blocks spam or targets spam in any way, you will be attacked. You will be attacked by professionals who have more money than you, more resources than you, better programmers than you, and no scruples at all. They want to make money, this is how they have decided to make money, they really can make a lot of money, and youre getting in their way.

[...]Someone challenged me, Well, how am I supposed to continue hosting these low-barrier discussions? I'm sorry, but I don't know. To quote Bruce Schneier, "I feel rather like the physicist who just explained relativity to a group of would-be interstellar travelers, only to be asked, 'How do you expect us to get to the stars, then?' I'm sorry, but I don't know that, either."

From Dive Into Mark [diveintomark.org] (which doesn't seem to be responding, so try Google's cache [72.14.209.104] .)

what really makes me sick every time... (0)

Anonymous Coward | more than 8 years ago | (#15350589)

what really makes me sick every time I read such horror stories about spam, zombies, virus, etc. is that this whole ecosystem only exists because this industry as a whole is full of fucktards completely clueless with regards to security (and that problem is affecting more than a single platform [needing to be root to install a fscking .rpm while the equivalent .tar.gz can be installed by a user without privileges? Fscking fucktards...]).

Re:what really makes me sick every time... (0)

Anonymous Coward | more than 8 years ago | (#15350680)

I just want to know why the current email protocol is so obviously broken that it isn't sufficient motivation to rebuild it. The amount of disruption it would cause isn't much worse than the mess it is now and it would pay off in future maintenance.

Sad turn of events... (0)

Anonymous Coward | more than 8 years ago | (#15350592)

I really don't understand what the point of spam is anyway. If I see it in my inbox (thankfully both my company as well as gmail have excellent spam reduction software), I delete it. How can spam be a "multi-million dollar" business? Are there really people that respond and follow through on the various offers proferred through such venues? What is it that really makes spam so worthwhile, seriously?

On the other hand, it is unfortunate that the spammers weild such massive power to force a company's closure. I can see it now...

"Hey, ya, I think you needs some 'insurance'. It'd be bad if anything, ya know, happened to your servers or sumtin'."

Re:Sad turn of events... (1)

graemecoates (592009) | more than 8 years ago | (#15350707)

On the other hand, it is unfortunate that the spammers weild such massive power to force a company's closure. I can see it now...

"Hey, ya, I think you needs some 'insurance'. It'd be bad if anything, ya know, happened to your servers or sumtin'."

Now if only we could get the spammers on a tax evasion charge...

From their Website (3, Informative)

librarygeek (126538) | more than 8 years ago | (#15350593)



Blue Security Ceases Anti-Spam Operations

When we founded Blue Security in 2004, we believed that if we automated a way for users to rise up and exercise their rights under the CAN-SPAM Act, we could reduce the amount of spam on the Internet.

Over the past few months we were able to leverage the power of the Blue Community and convince top spammers responsible for sending over 25% of the world's spam to comply with our users' opt-out list. We were making real progress in eliminating spam from the lives of our users.

However, several leading spammers viewed this change as a strategic threat to their spam business. The week before last, these spammers launched a series of attacks against us, taking down hundreds of thousands of other websites via a massive Denial-of-Service attack and causing damage to ISPs, website owners and Internet users worldwide. They also began a relentless campaign of email intimidation against many members of the Blue Community.

After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.

As we cannot build the Blue Security business on the foundation we originally envisioned, we are discontinuing all of our anti-spam activities on your behalf and are exploring other, non spam-related avenues for our technological developments. As much as it saddens us, we believe this is the responsible thing to do.

You need not do anything as a result of this change. We will continue to protect your names and addresses and honor all privacy commitments we made to you.

We have concluded we should not take Blue Security to the full deployment stage we originally planned to achieve, but we are proud of what we have accomplished thus far as a young startup company.

We are extremely proud to have had the chance to work with such a devoted and dedicated community: thank you for the vote of confidence you gave us over the past few months as well as the particularly vocal support you have shown over the last two weeks.

We will be innovating and building our technology in new, other directions and will continue to give back to you, our Community.

            Thank you for your support,

                        The Blue Security Team.

Re:From their Website (1)

Rob T Firefly (844560) | more than 8 years ago | (#15350636)

Dear Blue Security, Fucksocks. Sincerely, one of your latest members.

Re:From their Website (1)

ch-chuck (9622) | more than 8 years ago | (#15350711)

relentless campaign of email intimidation

I don't think I could ever be intimidated by an email - a registered snail mail from court or the bank, yes, but I've seen so much junk in email faking this and pretending that that I can't take *any* of it seriously. The only things I even bother with are expected mail, like when I place and order and receive email confirmation, it gets printed and filed. All unsolicited email is essentially trash. Family and friends use it just to wave hello - anything important is done over cell phone / vmail.

Well, that explains it (1)

vadim_t (324782) | more than 8 years ago | (#15350598)

I've been itching to sign up since I heard of this here, but first it was no confirmation email, then the members site went for a whole week with a "we're reorganizing it" message. I was wondering what kind of moron they have as an admin.

This is extremely disappointing, I must say. Now that they finally got a noticeable success, world wide recognition and made lots of spammers squirm and wonder what will they do, they go and give up? Sheesh.

But ah well. The client was Open Source, wasn't it? So, who will pick this one up, and get it back running? Pretty much all of the work seems to be done already, all it seems to need is becoming distributed, which would avoid this situation in the future.

Re:Well, that explains it (1)

PrescriptionWarning (932687) | more than 8 years ago | (#15350720)

I believe that even though as a company product the idea was pretty much doomed to failure... if this sort of application could take a much broader scope, such as someone creating a free client which automatically does the anti-spamming for the user from their own PC rather than using a centralized server, it would seem to me that it would make it impossible for the spammers to be able to target any one source. Of course it would only work if a huge number of people used it, big enough such that singling out a single target would be impossible. (not to mention they'd have to deal with ISPs)

Translation (0)

Anonymous Coward | more than 8 years ago | (#15350621)

"It seems an effective method has been found but more than a small private company could handle."

is much less confusing like so:

  It seems an effective method has been found, but it's more than a small private company could handle.

I'm probably wrong here (1)

zappepcs (820751) | more than 8 years ago | (#15350630)

I'm probably wrong here, but I thought this would be the perfect application of P2P functionality. No matter how much someone tries to poison P2P shared files, they can never poison them all. When the whitelist/blacklist updates are shared out as signed, and user rankings can be compared, all should work. There is no central server, and if you can see that the file you have downloaded comes from a user with excellent karma, then it can be trusted. Sure, even that will have ups and downs, but there is no way to stop any user from updating from multiple sources, many times per day.

If the client was written to judge on differences and other algorithms for comparing lists from different sources, I think it would work well, at least better than trying to make your own lists all the time.

Solving the Spam Bot problem (5, Insightful)

smartin (942) | more than 8 years ago | (#15350643)

It seems that the problem here is that they were brought down by the spammer's huge number of bots running on compromised machines. Why has no one tackled this problem? It seems to me that this should be the responsibility of the ISP's. I'm no expert but I believe that if someone reports to an ISP that a particlular IP address is running a bot, that it should be a simple process for the ISP to do some tests to see if that is true by checking the nature of the traffic coming out of the machine. If they decide that the machine has been compromised, they should shut down it's connection and redirect port 80 requests to a web page explaining to the owner that their machine has be compromised and how to fix it.

This does not seem to me to be a difficult technical problem and it is in everyone's interest to get the compromised machines off the net.

Re:Solving the Spam Bot problem (1)

NineNine (235196) | more than 8 years ago | (#15350769)

That's just not practical... you're talking about making sure that every PC on the planet is secure. A more practical solution is to go after the websites where the money is being made. I run Spam Vampire daily, and it does have a real impact. I get less spam, and I KNOW that I'm costing the spammers real money.

Re:Solving the Spam Bot problem (1)

Have Blue (616) | more than 8 years ago | (#15350775)

The problem with that is that high-level traffic analysis is relatively difficult and requires expensive hardware. And without that anyone who maxes out their upstream bandwidth for more than a short time is going to be suspected of spamming, which will result in plenty of angry articles on /.about how ISPs are infringing on their all-you-can-eat connections.

Re:Solving the Spam Bot problem (3, Informative)

Gr33nNight (679837) | more than 8 years ago | (#15350793)

I am an admin on a low user irc server. We have been attacked by spam bots on a number of occasions. Our global ban list is at 50,000+ ip addresses. How are we suppose to track down each ISP? They are virus infested machines all over the world.

Re:Solving the Spam Bot problem (4, Informative)

Pfhor (40220) | more than 8 years ago | (#15350813)

I made my university start the exact same policy. Shut down ports of the machines which were infected with klez. The problem was that students would just think their port was broken and plug into their roommates, etc. Obviously the school should have moved their MAC address into an infected pool and given them their own subnet with a webpage telling them that their machine was infected and to call tech support. But considering the somewhat large resources of people needed to get the machines back online (go and scrub the machine, most people were afraid to even touch them, and klez was a pain to remove). Not to mention the fact that people view their machines as appliances, not something needed to be maintained.

ISPs are using the blocking of outgoing smtp traffic on port 25 for this very reason. But to really shut down this problem the ISP would also have to be able to provide technical support to remove the virus, or atleast something of that nature. Let alone the customer won't even think their computer is infected (how could it be, i don't download anything!!?) and the flurry of angry phone calls would ensue.

We had users at my campus that had blocked ports for a month before we were able to get in touch with them, they just thought their computer was broken. Or we get a phone call from an angry parent whose little suzy or billy can't send them email and update their facebook.

The idea is possible, but it is a nightmare in reality to have to support.

If they had a lobbyist... (1)

erroneus (253617) | more than 8 years ago | (#15350656)

...they could do what other large companies do. They get the senate and congress to talk to their buddies overseas to pressure THEM to curtail their illegal activities and such. This tactic worked wonders for Enron when they were trying to get their power set up in other countries in spite of resistance from local governments. (They just got the U.S. Goverment to throw a little weight around, threatening to cut off any aid.)

Scary thought (3, Interesting)

dtsazza (956120) | more than 8 years ago | (#15350657)

This really drives home how important it is for Average-Joe users to have decent security. Time was, if you got infected with a virus you'd get your hard drives wiped and have to reboot your machine. Then, viruses stole information instead. Nowadays, it seems like anyone with the inclination to do so can set up their own botnet using relatively simple tools.

And of course, if you're in the business of breaking the law online (or rather just being generally anti-social) it's simply prudent to gather an army of computers, and then use that power to make others give into your demands. The actions of one hacker and his botnet caused an entire company to shut down operation - that's scary.

And scarier still is that the thousands of people whose computers were hammering away at the server, contributing to the victory of evil over good, are unaware of the part their machines played, and will doubtless play again.

This really is the computing equivalent of creating massive private armies with a mind-control drug - and while the email system really needs an overhaul, while the possibility to harness this kind of power exists there'll be the opportunity for extortion on this scale.

Don't fight the symptoms! Fight the causes! (0)

Anonymous Coward | more than 8 years ago | (#15350672)

Make it illegal to send spam AND to charge somebody else with sending it. Most of the spam does advertise something so fight the seller, not the spammer.

Spammers are the virtual mobsters. (1)

Qa1 (592969) | more than 8 years ago | (#15350673)

You mess with their illegal profits - they'll mess you up. It's as plain and simple as that. They're not even hiding it anymore.

Let's just hope they'll start receiving the treatement that their real-world counterparts have recieved. In our lifetime.

comcast's new email policy seems to work (1)

greenspeed (975442) | more than 8 years ago | (#15350678)

Comcast recently implemented the following policy:

"In an effort to help reduce the amount of spam reaching Comcast.net email addresses, Comcast has implemented a new policy that will block email sent from an email server that has no rDNS entry."

http://forums.comcast.net/comcastsupport/board/mes sage?board.id=2&message.id=79035 [comcast.net]

Since they did this spam getting through to my home account has dropped by at least 90%, as has mail ending up in the "screened mail" folder for my comcast email address.

Blue Security has closed it's doors. (0)

Anonymous Coward | more than 8 years ago | (#15350684)

It's means "it is" or "it has". The line should read "Blue Security has closed its doors."

One man can bring down the internet? (3, Interesting)

spge (783687) | more than 8 years ago | (#15350715)

I find it very hard to believe that it is this straight-forward for one individual to potentially bring down the entire internet infrastructure. The Register reported on this story and said, "Anti-spam firm Blue Security is to cease trading after deciding its escalating conflict with a renegade spammer was placing the internet as a whole in jeopardy." It went on to say, "During an ICQ conversation, PharmaMaster told Blue Security that if he can't send spam, there will be no internet."

I suppose the most concerning part of this story is the bit where bribery appears to persuades a top ISP to make some dodgy configs:

"According to Blue Security, a renegade Russian language speaking spammer known as PharmaMaster succeeded in bribing a top-tier ISP's staff member into black holing Blue Security's former IP address (194.90.8.20) at internet backbone routers. This rendered Blue's main website inaccessible outside Israel."

This story smells a bit.

Re:One man can bring down the internet? (1)

Bananatree3 (872975) | more than 8 years ago | (#15350804)

In russia, corruption is still rampent, albeit not as visible though. Assuming this "Pharmamaster" spammer was a top cheese, he probably already had some sort of connection with the ISP, as the ISP would have not been too keen to allow a bigtime spammer without some sort of monitary payoff.

Joe Jobs. (0)

Anonymous Coward | more than 8 years ago | (#15350724)

What the reports fail to mention is that the spammers ran Blue Security's hashed email list, discovered who on their (Spammer's)list was also on the BS list and are now sending a multitude of 'Joe Job' emails using people on the BS list as the 'From' address. I am now getting about 400 bounce-backs a day, god knows how many get through.
 

The Matrix has won this battle. (0)

Anonymous Coward | more than 8 years ago | (#15350733)

Zion has been destroyed, the robots have won over free humans.

Ok, well maybe that's taking the metaphor to far, but it is definitally a score for the spammers here. I say if the Blue method worked, as it is obvious that the spammers were very annoyed, it should continue. If one batallion has fallen, another will rise.

Net Neutrality (1)

adharma (607872) | more than 8 years ago | (#15350746)

So, are the ISP's gonna do something about this in their "Net Neutrality" fight? I mean, most of the traffic out there has to be Spam, viruses and whatnot. Why are they not mentioned? Oh, I know because the entire case of the ISP's are Bullsh@#t.

We're going about this the wrong way (4, Insightful)

netruner (588721) | more than 8 years ago | (#15350766)

The bad guys won this time because we tried to match force with force. I've said it multiple times in this forum - we have to accept that spam isn't going to go away. The only way we're going to get it down to an acceptable level is to make it not worth doing.

Filtering is one way, but basing it on the raw content of the email won't work. If there was a public key repository where legitimate users placed a public key for decryption, and all legitmate email were sent encrypted with the corresponding private key, the authenticity of the email could be known. Then, if someone starts making a nuisance of themselves, they could get their public key revoked. If this method were used, filters could be made to only let through emails that decrypted with the public key of the sender.

Let's face it, spam is a fact of life. Remember that you're up against people who do this as their 9-5er with no regard for law, ethics or their public image if you want to go the force-vs-force route.

The Charge of the Light Brigade? (1)

petantik f00l (926671) | more than 8 years ago | (#15350767)

I though it was a bit of a no brainer that the spammers would win.

Blue security were/are dealing with people who thought they were above the law
Their servers got attacked ( if spammers control 50% of email messages i'm pretty sure one site wont be beyond their capabilities to DDOS)

It was a good idea but the only outcome was escalation and Blue Security didn't have the firepower to take them down

The following says it all (from http://poetry.eserver.org/light-brigade.html [eserver.org] )

[snip]

Flash'd all their sabres bare,
Flash'd as they turn'd in air,
Sabring the gunners there,
Charging an army, while
All the world wonder'd:
Plunged in the battery-smoke
Right thro' the line they broke;
Cossack and Russian
Reel'd from the sabre stroke
Shatter'd and sunder'd.
Then they rode back, but not
Not the six hundred.

[snip]

Cannon to right of them,
Cannon to left of them,
Cannon behind them
Volley'd and thunder'd;
Storm'd at with shot and shell,
While horse and hero fell,
They that had fought so well
Came thro' the jaws of Death
Back from the mouth of Hell,
All that was left of them,
Left of six hundred.

[snip]
---------------THE END----------------

http://www.xanga.com/petantik [xanga.com]

Spammers: "The war has been won!" (0)

Anonymous Coward | more than 8 years ago | (#15350773)

From Spammers forum:

Congratulations to all contributors! Kiss the frog goodbye [specialham.com]

(disable scripting before clicking to get past login)

You don't fight fire with fire... (1)

Demon-Xanth (100910) | more than 8 years ago | (#15350774)

You fight fire with water. Fighting fire with fire will just make the fire bigger unless it's very well directed fire.

So if you're gonna fight the spam fire with fire, use live fire. Or use water. Like from a firehose into thier systems. Motherboards LOVE "direct liquid cooling".

Sudden reversal (1)

MobyDisk (75490) | more than 8 years ago | (#15350790)

It was only a few days ago that everyone here was predicting that membership would surge due to the recently publicity. Then they suddenly go out of business? WTF? I hope this is some sort of ploy just to make spammers look bad, because this is definitely NOT a happy ending. Hell, this isn't even an ending.

Maybe it is time for them to start charging subscribers. Or to make this a community project.

someone take a fucking stand for once (0)

Anonymous Coward | more than 8 years ago | (#15350806)

[quote]After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations. [/quote]

I would have risked it.

I would urge people to ask blue to reconsider

No one has any balls anymore.

If you dont play high stakes you don't win much.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?