Slashdot Mirror


DOS Attack Via US Postal Service

Phronesis writes "Bruce Schneier reports in Crypto-Gram about the slashdot-inspired Post-office DOS attack on SPAM-king Alan Ralsky. More interesting, Schneier writes, is a recent paper on Defending against an internet-based attack on the physical world, which generalizes this attack and discusses how it could be automated and how one might defend against it (you can't stop it, but you could make it harder to effect). From the abstract of the article: 'The attack is, to some degree, a consequence of the availability of private information on the Web, and the increase in the amount of personal information that users must reveal to obtain Web services.'"

6 of 318 comments (clear)

  1. Re:Lack of authentication by liquidsin · · Score: 4, Interesting

    So instead of 600 magazines in my mailbox next month, I get 600 letters asking me if I want to subscribe? Sure, it's only a one time hassle instead of a monthly hassle, but it's still annoying. And calling to confirm is no less of a pain.

    --
    do not read this line twice.
  2. Automated Spam attacks... by Slurpee · · Score: 4, Interesting


    If you type the following search string into Google -- "request catalog name address city state zip" -- you'll get links to over 250,000 (the exact number varies) Web forms where you can type in your information and receive a catalog in the mail. Or, if you follow where this is going, you can type in the information of anyone you want. If you're a little bit clever with Perl (or any other scripting language), you can write a script that will automatically harvest the pages and fill in someone's information on all 250,000 forms. ... When you're done, voila! It's Slashdot's attack, fully automated and dutifully executed by the U.S. Postal Service.


    What's the chance of setting up a perl script to automatically find Junk Mail Kings and sign them up for the service? I'm sure many of these 250,000 would be junk mail kings. Just set them on each other!

    Though environmentally bad in the short term, if it shuts them down in the long term, it would save a heck of a lot of trees!

  3. Re:Hardly DOS is it by Wireless+Joe · · Score: 5, Interesting

    Fun little story...

    I recently was out of town for a few days. The tiny little mailbox that my apartment complex provides probably filled up on the second day, so the postal carrier took all of it back to the post office, and left me a lovely note that if I didn't pick it up in a few days, they'd send it all back. Luckily I got back in time to pick up my mail, but it was definitely an inconvenience tracking down which post office outlet had my mail and then taking the time to go get it.

    So for a few days my postbox was shut down (mini DOS), because the postal carrier wouldn't leave me any new mail until I found the time to pick up what had already been taken away.

  4. re: Google and DOS Attack Via US Postal Service by mediahacker · · Score: 4, Interesting

    He suggests that you type "request catalog name address city state zip" into Google whereupon Google will kick back some 250,000 pages with online web forms to fill out.

    Google now kicks back one hit - the article itself...

    You really have to strip your search down before it starts returning anything.

  5. retaliatory postal spamming works by Anonymous Coward · · Score: 5, Interesting

    I work for a scummy direct marketing company, and can tell you that when people mail back dog shit, dead cats, bricks, etc. it really does slow business down because that mail is not sorted from the legitimate mail. From time to time the bomb squad is even called in to check an unexpected parcel and that can gum up the whole works.

  6. Re:Lex Talionis is a morally bankrupt code by Ungrounded+Lightning · · Score: 5, Interesting

    Lex Talionis, the principle of an eye for an eye, is a morally bankrupt code of law we've been moving away from for the past few thousand years, thankfully.

    Wrong. Lex Talionis was the principle that you take NO MORE than an eye for an eye - promulgated as an "improvement" in an era where the response to losing an eye (or a purse) might be to do in the alleged perpetrator and confiscate all his worldly goods.

    It's morally bankrupt, all right. But only to the extent that if the thief only loses what he stole, and has a nonzero chance of getting away with it, theft remains a profitmaking enterprise despite full enforcement of the law. So it becomes an endorsement of theft as a lifestyle. This is why there are "puntitive damages" - extra penalties to punish the perpetrator (thus making continued misbehavior a losing proposition even with imperfect law enforcement).

    None of which applies here. Applying "Lex Talionis" to the spammer would mean spamming him, rather than seeking compensatory and puntitive damages.

    ===

    Which is what they did, isn't it? B-)

    ===

    Lex Talionis also recognizes a moral principal of equivalency, to wit: In an egalitarian society, regardless of what actions you think are fair, you have NO moral gripe if someone does to YOU what YOU did to them. If it was wrong for them to do in retaliation, it was AT LEAST as wrong for YOU to do without provocation.

    ===

    I note, by the way, that your posting is IDENTICAL to one you made several times previously - including in the slashdot article credited with inspring the USPS DDoS attack in the first place. (And that last one I cited was under your own slashdot ID of Chuck Flynn.) Given that, I felt free to repeat, almost verbatim, my response to your most recent previous missive.

    The posts that recieve your canned response seem to be any suggestion about spamming the spammers. You wouldn't happen to be a spammer, would you?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way