Home | Community | Message Board

MushroomMan Mycology
This site includes paid links. Please support our sponsors.

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: PhytoExtractum Maeng Da Thai Kratom Leaf Powder   Unfolding Nature Unfolding Nature: Being in the Implicate Order   Bridgetown Botanicals Bridgetown Botanicals

Jump to first unread post Pages: 1
 User Gallery
Registered: 06/08/03
Posts: 10,629
Blue Security surrenders to the spammers.
    #5640266 - 05/16/06 11:27 PM (18 years, 16 days ago)


A startup whose aggressive antispam measures drew a blistering counterattack from spammers two weeks ago that brought down the company's servers along with a wide swath of the internet is shuttering its program that targets junk e-mailers.

In an interview with Wired News, Blue Security CEO Eran Reshef said the Israel-based company was closing its service Wednesday since he did not want to be responsible for an ever-escalating war that could bring down internet service providers and websites around the world and subject its users to denial-of-service attacks from a well-organized group in control of a massive army of computer drones.

"Our community would very much like us to continue on the fight against spam, and our community has grown over the last week," Reshef said. "But at the end of the day if we continue doing so, within a few days, major websites will go down. I don't feel that this is something I can be responsible for. I cannot go ahead and rip up the internet to make Blue Security work. This is not the decision a commercial entity can make."

The abrupt decision ends a high-profile standoff between spammers and a tiny startup whose unorthodox methods had seemingly stymied some of the most prolific purveyors of junk e-mail in the world, if only temporarily. For a few intense days, the fight showed with shocking clarity the lengths to which some spammers will go to protect their businesses, and the devastating arsenals at their command.

The lesson to be learned, Reshef said, is that large ISPs and governments need to recognize that spammers are connected to criminal syndicates and that they, not a small startup, are the only ones who can shut down these networks.

Blue Security's 500,000 users had been successful in convincing six of the top 10 spam operations in the world to use its open-source mailing-list scrubber, which Reshef said proved that Blue Security's technology and approach was effective.

But other spammers responded differently.

Starting May 2, a spammer known as PharmaMaster used a massive network of zombie computers to flood Blue Security's database servers with fake traffic and hijacked a little-known Cisco Systems router feature known as "blackhole filtering" to block anyone outside Israel from accessing Blue Security's homepage.

The spammer also unleashed a torrent of spam targeted to a subset of Blue Security users, which the spammer had likely gotten by scrubbing an e-mail list and then comparing the old list with the new list. Any addresses removed from the old list could be identified as Blue Security users.

The distributed-denial-of-service attack brought down the databases, and the collateral damage included hundreds of thousands of websites and mail servers hosted by Tucows, according to Elliot Noss, president and CEO of Tucows, the internet's largest domain registrar.

"Just in terms of pure scale, it's pretty safe to call it massive," Noss said. "I think that really the most interesting observation was how distributed it was. We sampled IP addresses and over 70 percent were unique."

Blogging software provider Movable Type's hosted service, TypePad, also fell victim to PharmaMaster's bot network, after Blue Security realized that no one could reach its homepage and posted a message to its users on its old blog. Thirty minutes later, PharmaMaster started an attack that brought down thousands of blogs.

Blue Security's Blue Frog antispam tool worked by having customers install a small piece of software in their browsers that they used to report spam. After aggregating the reports, Blue Security would try to contact the spammers, the websites of companies being advertised and their ISPs to try to convince the spammers to clean their lists of e-mail accounts on the company's Do Not Intrude list.

If that did not work, Blue Security would write a custom script that spam recipients could use to send an opt-out request to the advertised website. In practice, that meant that hundreds of thousands of Blue Frog users could attempt to opt out at once. In addition, the software would fill in online order forms with the opt-out request if there was no other way to communicate with a spammer-advertised website.

This tactic, which Blue Security says is legal under the Can-Spam Act, was controversial with spammers and some antispammers alike.

Spammers complained in internet forums that the opt-out requests were simply a denial-of-service attack.

Anne P. Mitchell, president and CEO of the Institute for Spam and Internet Public Policy, is also a vocal critic of Blue Security's tactics who thinks the company was breaking computer crime laws by having its members fill in order forms with opt-out requests.

"Do you think Blue Frog cares if they are knowingly causing customers to break the law of their own home country?" Mitchell asked. "They don't care because they are sitting in Israel."

But Peter Swire, a law professor and former head privacy official for the Clinton administration, looked into the company's operations, found them legitimate and innovative, and signed onto the company's advisory board earlier this year.

"I get one spam e-mail and my computer sends one opt-out request," Swire said. "That is exactly what Can-Spam gives me the right to do."

Swire says he understands why Reshef has decided to shutter the service, because these levels of attacks are too much for a small company to withstand.

But he says the company showed that this tactic can work.

"If little Blue Security can affect 25 percent of spam, then this approach shows great promise if the big boys get involved," Swire said. "If there is a concerted effort by the big ISPs or by the government, the Can-Spam Act provably is the basis for reducing spam."

Eric Benhamou, chairman and CEO of Benhamou Global Ventures and one of Blue Security's lead investors, said he knew going in that Blue Security's task was difficult. Benhamou is not writing off Blue Security, whose technology he says has other uses, but he supports the company's decision to shut down in order to avoid more collateral damage.

"We knew it would get really serious when the adversary was wounded," he said. "There were no surprises on my part. When I first did my due diligence, Eran and Amir (Hirsch) told me clearly that they knew how to build the technology to accomplish this but weren't sure of the overall business proposition. I said that's fine, because I want to explore something that hasn't been done before and before there were only clever filters. This was totally innovative."

Extras: Filter Print Post Top

Folding@home Statistics
Registered: 09/23/00
Posts: 2,331
Loc: tartarus
Last seen: 8 years, 3 months
Re: Blue Security surrenders to the spammers. [Re: OJK]
    #5642800 - 05/17/06 05:31 PM (18 years, 15 days ago)

Fuckin spam.  :rockets:

~Happy sailing~

Extras: Filter Print Post Top
Male User Gallery

Folding@home Statistics
Registered: 09/13/05
Posts: 13,833
Loc: LA Suburbs
Last seen: 1 year, 29 days
Re: Blue Security surrenders to the spammers. [Re: OJK]
    #5643884 - 05/17/06 09:48 PM (18 years, 15 days ago)

The only reasonable action is to start sending large package-bombs to spammers.

You'd think twice about setting up a spam corporation when it could mean turning your office building into a flaming pile of rubble. :evil:


I find your lack of faith disturbing

Extras: Filter Print Post Top

Registered: 04/28/06
Posts: 1,089
Loc: Florida, US
Last seen: 17 years, 10 months
Re: Blue Security surrenders to the spammers. [Re: OJK]
    #5645331 - 05/18/06 06:51 AM (18 years, 15 days ago)

Spammers are worse than child rapists.

Seriously,isn't there a better way to make money, like...I dunno...sell heroin to school children?

Extras: Filter Print Post Top
Male User Gallery

Folding@home Statistics
Registered: 09/13/05
Posts: 13,833
Loc: LA Suburbs
Last seen: 1 year, 29 days
Re: Blue Security surrenders to the spammers. [Re: monamine]
    #5648193 - 05/18/06 10:38 PM (18 years, 14 days ago)


monamine said:
...sell heroin to school children?

Don't give them any encouragement, you know they'd do that in a heartbeat if they could get away with it. They'd probably cut it all full of nastyness too :mad2:


I find your lack of faith disturbing

Extras: Filter Print Post Top
Jump to top Pages: 1

Shop: PhytoExtractum Maeng Da Thai Kratom Leaf Powder   Unfolding Nature Unfolding Nature: Being in the Implicate Order   Bridgetown Botanicals Bridgetown Botanicals

Similar ThreadsPosterViewsRepliesLast post
* FTC: Windows feature is a backdoor for spam motamanM 1,271 7 11/12/03 07:34 AM
by T0aD
* Make Love Not Spam YthanA 715 8 12/02/04 04:40 PM
by Geezer
* Thor: Serious security issue zoodoo 2,616 13 06/05/02 04:58 AM
by Larrythescaryrex
* USA Patriot Act on Network Security Practice Lana 1,647 1 11/27/01 10:08 PM
by Ishmael
* Multiple Internet Explorer Vulnerabilities darkfly 1,270 7 07/15/04 03:43 AM
by AhronZombi
* Shroomery security concern Elektrolurch 1,844 2 11/13/01 05:32 AM
by Elektrolurch
* Computer Virus Fighters Warn Of New Internet Threat motamanM 1,023 2 08/22/03 05:47 PM
by monoamine
* Question for admin, and F-Secure Lana 2,121 2 05/28/01 12:18 PM

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
937 topic views. 0 members, 0 guests and 1 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.022 seconds spending 0.007 seconds on 14 queries.