Lycos Anti-Spam Site Compromised [Updated]
An anonymous reader writes "Lycos, shortly after producing a screen saver to fight spammers using a DoS-style attack appears to have been hacked. Attempting to download the screen saver from lycos results in this message 'Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.' Or maybe it's just a joke -- can you ever tell?" Update: 12/01 15:07 GMT by T : According to Lycos, the defacement reports were actually just a hoax.
If there are only a few large spamming... erm... entities, then I wonder how and when they'll finally be caught.
Attack those spammers! Someone needs to stand up to them!
Surely this has pissed off SOMEONE. It's too bad really, this just makes me want to get it more.
They wouldn't let phone telemarketers threaten you into buying whatever product. Aww, let's all feel sorry for the poor spammers. Boo hoo hoo.
----
Ground Control to Major Tom...
The Lycos screensaver has gotten a lot of press, and could certainly put a crimp in the spammers' pocketbooks, and spammers aren't honest, so why wouldn't they hack Lycos?
Moderate this comment
Negative: Offtopic Flamebait Troll Redundant
Positive: Insightful Interesting Informative Funny
Nothing to see here
Have to tougher them to fight them...
[My english is better than most other people's Turkish, so please point out mistakes politely. Thank you.]
Clearly it must be a joke, since a Lycos rep is quoted as saying: "There's a risk we will receive some denial of service attacks in the next few days but we are ready."
I'm sick and tired of these hip, "ironic" sigs. This is an actual, honest-to-goodness no-nonsense sig!
Lycos, shortly after producing a screen saver to fight spammers using a DoS-style attack appears to have been hacked. ....and now totally slashdotted off the map to boot.
READY.
PRINT ""+-0
The way to "fight" spammers is by following the law and litigating against them. Childish things like using illegal hacking tools just put gasoline on an already out of control blaze. More stringent laws and serious punishments for spammers are the final key to doing away with the vast numbers of spammers.
The "technological" solution to spam has shown itself to be totally ineffective. The solution which has worked to not only put a small dent in the daily dose of spam but also enrich the general public has been to take the spammers to court and eventually to jail when necessary.
Spam is like selling kids crack cocaine. No one wants that kind of shit in the neighborhood, but the only people willing to "take back the streets" are ninnies and other gang members.
Yes, hacking websites is wrong, you know this, you shouldn't be doing it. Your ip address and your actions have been logged and will be reported to your ISP for further action.
Lad Vampire is still going strong. It's similar to the Lycos thing but only targets 419 scammers.
Someone was worried.
At 3:06AM I downloaded the EXE without a hitch. Anyone have any screenshots of the hijack that might make this an actual.. um.. story?
Shane
...if you're remotely surprised that this happened.
...
...
...
Yeah, didn't think so.
If something like this is ever going to work, it's going to have to be a lot more underground, just like the spammers.
p
In Korea, long hair is for old people!
Somebody, please set up a torrent for the installer and post it. Spammers may be persistent F**kers... but nobody can hinder the /. community when it comes to banding together for a cause.
Just drop acid, already, and invent something better... or quit your whining.
If anyone is interested, this link still works:
/ MLNS_screensaver_en.exe
http://download2.makelovenotspam.com/screensavers
Not only because the command-and-control server can be hacked and the hosts running the screensaver turned into a botnet used to launch DDoS attacks, as we see - but because a) the veracity of the so-called 'target list' cannot be verified to the degree necessary to make this even theoretically sensible (i.e., it could be gamed by those submitting false spam reports to induce the system to attack innocents, not to mention the PCs of innocents which have been compromised as spam-proxies along with the network infrastructures of their ISPs), but outbound DDoS can be just as devastating as inbound DDoS.
This is the stupidest idea ever. I hope several someones end up suing Lycos over this, it's just moronic.
-All- security measures should be predicated upon the sentiment expressed in Hippocrates' _Epidemics_ (-not- the Oath, that's a popular misconception) - '. . . first, do no harm'.
Report me? haha. Knowing my ISP, they'd probably increase my bandwidth.
I hope the guys who attacked Lycos are getting hit hard by their service. Keep it up Lycos! You're obviously hitting a nerve.
Guardian seems to be /.ed. (WTF?)
Here is a link
This kind of tactic, if not outright illegal, is a grey area...now perhaps, if you simply made a script to go through the emails, put every link on a list, and used spare bandwidth to request pages from all of the links that have been sent, that could be legal, but still a grey area.
What I don't think is a good idea is a company deciding who deserves to be DDoSed. In that sense, it is little better than MyDoom, which also attacked unpopular companies.
Personally, I think we should try to take down companies that use spam for advertising legally, rather than using a DDoS. But I might not have the popular view, you never know.
That screensaver is probably already circulating on P2P networks as well as FTP and Instant Messaging.
It'll be interesting to see how this pans out in the long run. One would imagine that this type of 'bad news' (such as compromised security) will scare off a whole lot of users, and as a result reduce the overall bandwidth power of what they're trying to accomplish. I wouldn't run a background app if I was aware that there's a legion of spammers out there trying to make exploits. Just my $0.02
So, what happens when Lycos points their DNS servers right back at them? Maybe it would create a cyber time-space vortex that would suck websites back into the past? ;) An internet wormhole of sorts...
Ok, time to turn off DS9 and get back to hw...
I'm amazed that Lycos thinks this will actually work, simply from the fact that I do not know anyone that has downloaded a "screen saver" for their computer in the last year.
It used to be all the rage... yes, starting with AfterDark decades ago, and finally culminating in WebShots a few years ago. But does anyone really do this nowadays? Seriously?
Maybe if it showed a random "babe/hunk of the day" while doing its nasty work it would be downloaded by more people...
I hate spam as much as the next person, but I'm having serious doubts about this project. How easy might it be to target this system to a legitimate website and turn the thing into a botnet for DDoS-attacks, and stuff like that?
The problem with spammers is a hopelessly outdated protocol for sending and relaying e-mail on the one hand, and on the other, governments failing to produce adequate legislation to combat spammers, scammers, and the like on the Internet.
Then think that most companies and business-oriented lobby groups fight hard to keep e-mail available as a direct marketing medium, the same way they would thoroughly object to a ban on telephone-based telemarketing.
We don't need a bunch of cowboys arming themselves with guns and taking out everyone they see as a danger to society/Internet, we need decent, solid legislation, and government commitment to take out spammers.
Or maybe it was a concerned white hat cracker who thinks DDoSs are just as bad as spam. Maybe it was a Free Software fan/advocate who doesn't want GNU/linux associated with vigilante justice.
when lycos's software is already flagged as spyware by all the anti-spyware manufacturers there is no way i want to run any of their shit no matter how good the cause
lycos was once a great engine (remember the ftp search) now it's just one step away from a domain squatters site with financial services and casinos the prominent advertisers and search results dictated by who pays the most not the most relevant
perhaps the owners should go get proper jobs
I downloaded the installer on 11/26 when the first /. article came out and the MD5 sum of that file was: 237ee99dc7f35d2e2c0a8640086167bf
And hacking websites that attack spammers is fine.
) Human Kind Vs Human Creation
) It'd be interesting to see how many humans would survive to serve us.
Or maybe it's just a joke -- can you ever tell?
Yes, since it's working now again, it was probably unintentional.
Beware: In C++, your friends can see your privates!
Anyone tried to compile the MacOS X version under Linux? Any success?
Je fume. Tu fumes. Nous fûmes!
Please stop using the whole moderate this comment thing. It's very distracting and really stupid.
is not the download link, is the submitter a lycos employee or getting kickbacks from linktracking ?
IMR are in the same business as doubleclick and the rest of those scummy companies and are therefore firewalled to the hilt why link to them at all ?
If you're in control of the list of targeted spam sites, you can 1. make sure it never points back to your sites, and 2. alert a human whenever the DNS entry gets changed and verify before your spam fighting techniques take action against an innocent party.
The screensaver put my processor usage up to 100% though, so I stopped using it after one day.
or else!
In Korea, only old people use email.
http://www.planettribes.com/allyourbase/AYB2.swf
:~>
sorry
So now instead of being lured into clicking into something you just voluntarily download a hack and install it as a screen saver??? yeah right.... Like people are stupid enough to do that... (sarcasm anyone?)
===== "Every head is a different world so don't invade mine you FREAK!" smartSAGA said
... we all fought back. Being passive about the spam problem isn't going to do much about getting spam to go away. I, for one, support what Lycos have done and I can't wait for them to get the makelovenotspam site back up again, so that I can download the screen saver.
Free Firefox news reader.
I'm glad to see some hackers exercising their abilities in an ethical manner. Two arguments follow the DoSing of spammers. First, just because someone does something wrong does not justify you doing the same. Second, once you have Lycos DoSing people they suspect as being spammers, where do you draw the line? What's stopping them from DoSing their competitors or mom/pop? Also, if the FBI is going to waltz around stating "bad 13 year old hacker, no DoSing for you" then why the hell does a massive corporation have any more of a right to deny access to one's internet connection?
...with the Lycos screensaver as a payload.
Something needs to be done.
I'm sick of Nigeria, Rolex, Logos, Viagra and all the other needless crap.
1. Any decision must take longer than 6 months to reach. With few exceptions (Patriot Act, declarations of war, etc etc.) any piece of law in the government (at least the U.S. government) takes months to pass through the Senate and be signed into law by the President. Therefore you CANNOT arrest someone, hold them until a bill passes and THEN jail them since everyone else under him would've scattered. Essentially making you look like a fool to people like the /. crowd. Governments (unless acting together) are out.
2. It cannot be done through EULAs since EULAs do not extend internationally. A simple proxy setup somewhere in Russia, India or China is enough to bypass that instantly. Corporations are out, due to legal reasons.
3. It MUST invade people's privacy. This is the INTERNET. This isn't CSI where you have fancy fingerprints that you can match up with the FBI's database. There's no trail of breadcrumbs you can follow back to the spammer's computer since it'll often lead internationally or through a zombified computer. There are no motives here other than money, no doubt covered with its own miles and miles of internet BS covering its ass. You have millions of suspects, many of which are assisting in the crime without knowing it. Any law enforcement agency smaller than every intelligence branch in the world combined cannot handle this task, the U.N. and watch-dog groups are out due to the sheer amount of research that would be necessary.
What do you do? As for your analogy with spam and cocaine, ever hear of vigilantes? Course not, cause most of them act ILLEGALLY. A few 'accidents' to the local drug dealer does wonders to drug abuse in the area, instead of having to pay an extra hundred dollars in taxes to keep the same drug dealer in an overpopulated jail.
Actually, the screensaver could do real damage on the Spam machine (and having in mind your comment, on Lycos itself). Keep in mind that half of the fools that would download the screensaver have their PCs acting as zombie relayers, so the screensaver would steal the bandwidth of the rootkits they've installed.
Flooding the spammers' domains is absurd and ineffective.
Your head a splode
parent is a known troll, mod parent down.
The point of this screen saver is to increase the running costs of those websites.
Who do you believe?
TODO: 753) write sig.
http://shit.slashdot.org/article.pl?sid=04/12/01/0250244
The spammer's response is a strong indication that it's a pretty good idea, and one they really don't like and see as an actual threat to them.
I'm an American. I love this country and the freedoms that we used to have.
The main cost of spam is not the extra bandwidth it consumes. It's the human time lost in sorting the real mail from the crap every goddamn day. If by fighting it we (temporarily) double or triple the bandwidth wasted, I say, who cares?
What next? Users attack hardware vendors for not releasing drivers for graphics cards? Political parties make screensavers which overload the web servers of the opposition? We do not want to go there.
I guess this time they should consider themselves lucky that someone didn't manage to remove positive control over the screensavers from Lycos, effectively turning their DDoS zombie network into a tool for spammers. It would have been such a sweet irony if the very network of DDoS-agents created to thwart spammers would be turned into a spamming network.
They say that the screen saver downloads the pages, but that it does not display them. If they take the only potential fun out of it, who do they expect to actually use their silly thing?
I might have had some fun for a while with a screen saver displaying random spammer's pictures, but without it, why bother...
I don't believe it's either. The screen saver does not do a DNS, in fact it's written not to. The spammers obviously want a lot of traffic to their sites (they cram my mailboxes to try to get that traffic. Even started hitting my gmail mailbox tonight, and I've never given out that gmail address!). So I just see the application as a handy way to give them the traffic they want, maybe they can stop sending me so much mail to try to get it now. And it's hardly unethical. It's being done to try to stop or slow the scourge of the Internet. No ethical issues about it, these people not only cram inboxes to the extreme (some accounts where I get hundreds of pieces of spam a day are completely useless to me anymore), they have expanded their efforts to trojans and viruses to take over other systems. Any effort to slow or stop such people cannot be unethical.
I'm an American. I love this country and the freedoms that we used to have.
just post the address(s) of the spamming servers to slashdot and see how long they last.
What goes around comes around, kid.
Maybe a source code copy that you could compile yourself might be OK, but I doubt we'll see that. What other system can you trust as safe, except maybe to download something now and confirm its MD5 sum as being known good with several trusted sources in a week or two?
I'm an American. I love this country and the freedoms that we used to have.
Your company advocates a
( ) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
(x) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
"DOS style attack"? Hardly - it actively monitors the servers to prevent them going off line. A DOS attack goes all out to take a server down.
All Lycos is doing is send hits out to slow down a server. How is that different to posting a link in a news article in Slashdot? We all know that will get slashdotted, yet links are still posted. In both Lycos' and Slashdot's cases, something deliberate is done which causes a degradation in server performance. I don't see how it's any more of a DOS style attack than slashdotting a site.
Sunday you're Thinking Different, Monday you're a huge tool, paying too much and waiting to think like everyone else.
Is still a rose. This is still a DoS, no matter what kind of spin you want to put on this, this is still an attempt to shut down spammers by illegal means.
I deal with it all the time. Webshots is a very popular one that also tends to bog a lot of systems down.
People love nifty screen savers for some reason. Not sure why, when mine is active it's because I'm not at my desk, but most people are drawn to them.
About spammers, all the work that I have is to keep a domain name go get SPAM's then when I got one I just have the work to use my sweet script called addspammer.
That adds the spammer address to my sendmail access file, and search all mailboxes for that address and remove mail.
I'm very against DDoS it's a coward stuff.
But now I will support Lycos screensaver.
I'll keep my few MB/s of upload to try to stop.
Cheers.
Who needs a virus, I'll simply mail everybody on the internet this +0ta11y 4wes0m3 5p4m-f1ght1ng 5cr34n54v3r! Why hasn't anybody else thought of this!?!?
What... why are you all staring at me like I'm a total idiot?
Intent counts in many legal systems, and certainly in the US which is the relevant one. The intent of linking to a site on /. or most places is to show someone something cool. You see something you like, you send it in, the editors also like it, they link it. Now if it has the consequence of knocking out the server, well, sorry, that wasn't what we were going for, just lots of people are interested.
This here is intentional loading of servers, for the purpose of using up resources. That's real different.
To give a parallel to different kind of law, take the unjustified death of a person. There's a whole range of crimes for it, and the big difference is based on intent. Manslaughter is when you kill someone, but didn't intend to do so. It could be because of something like gross negligence, vehicular, etc. You caused their death, and your actions or improper lack of action was the immediate cause, but you didn't intend for it to happen. Murder is when you did intend to kill them. The motivating force behind your actions was to cause their death.
Likewise, these two things are different. The effect may be the same, the intent is not.
What scares me is that in a few days (hours), someone was able to hack such servers. This makes me think any server is vulnerable, but not only vulnerable, but ready to be exploited.
What if such servers were at the disposal of anyone, who could utilize the bandwidth and cpu power they have?
Is your server safe? Probably yes (uh....dumb statement), but to those of you who spent time making sure your server is safe, do you think it is really safe?
All I have to say is go ahead, report it to my ISP. I'll then ask them to turn the report over to the attorney general so they can go after you for hacking, spamming and harassment. :)
One way to counter-counter-act would then be to change IP.... but you can hit back by compiling new screensavers that attack the new IP. Wait, maybe the screensaver downloads the IPs to attack from Lycos, that way DNS resolving wouldn't occur, and they cannot change their IP without being targeted again. Now, 2cents worth of code have put your 5,Interesting comment back to dust. I hope you're not a team leader.
And "Well-done Lycos", is kind of retarded. Not because you had a single idea that's already used by spammers (targeting DNS names) doesn't mean that it's perfect. It's easy to counter, and I'm sure Lycos has some real programmers who actually know what they are doing. I'm not sure what they did, but it must be around those lines. Those are most probably paid more than you.
PS to moderators (those who aren't his friend), this guy has more than 50% posts 0 or -1, either offtopic or troll. He's karma whoring, he admits it in his journal. Just for people to know.
Moderate this -1, unuseful and meaningless life.
Of Code And Men
Or, don't use dns in the client, use dns to update the list the client retrieves.
Sheesh. All the technology in the world won't provide common sense.
I've often thought that the ultimate denial of service attack would be if you could change the IP in the A record for www.google.com to that of any other site would render the site inaccessible. (Unless it was big enough to cope.) Anyone got root@ns1.akamai ? :)
Get your own free personal location tracker
Whenever there's a vested interest in a certain thing staying around (surprisingly, spam seems to pay off for someone) then there's going to be attacks on its antithesis. That's how things work, and Lycos was naive to think that they'd just get away with it.
Also, I might add that I initially thought of editing the code of the screen saver to send DDoS attacks to innocent sites, a potentially disastrous use of a cool-sounding program.
Every one knows Geeks are the good guys!
Sindri Traustason.
WTF? +5 Mod
yes, it is wrong to attack people like this.
however, this is not an attack; it is a defense. all other measures have failed. spammers are still invading our lives, wasting our time and money, pissing us all off to no end. we step up our defense, they step up their offense.
there comes a point where while it is wrong to attack, which of you would sooner die than kill the man who attacks you? THEY took the initiative. we are on the defensive.
i wholly agree that attacking spammers like this is wrong under normal circumstances, but they aren't playing by the rules. you would do well to remember that all is fair in love and war. what they want is your money. your attention.
and they will continue to do whatever they can to get both unless you wisen up and realise that sometimes, the only way to get rid of a bully is to punch him in the nose.
if you still reject this notion, consider the french. always surrender! surrender always! to this day, they cannot repel an invader without the help of a nation with balls. LOSERS!
i'd sooner take my chances on the outskirts of legal behaviour than kowtow and just *accept* that these people are making my life miserable.
...the main problems with this idea are twofold:
Putting aside comments on vigilante justice (mainly because on the 'net there's precious little other justice, and most seems misguided or uncomprehending) this seems on the surface like a good idea, and indeed I've heard several moderately techie people I know extolling its virtues. To explain why it's a bad idea I had to go into some depth, explaining network structures, server operations, and how spammers operate. When you consider these things (which come from a wide range of fields and thus are only immediately apparent to techie "lifers" - those who have a personal interest, not just a job-related focus on the field), it's soon apparent that the downsides outweigh the ups.
How long before someone designs viruses and trojans to remove the Lycos program? And then Lycos (or someone else) retaliates... it's just like the antivirus-viruses. An unscalable model.
ObIMHO: IMnotsoHO
-- What goes up must come down. Ask any SysAdmin.
Spam and DDOS' affects many people.
Spam and DDOS is a very bad effect
No, of course it won't help. Lycos knows that too.
Yes, it changes the way a lot of people look at spam. On makelovenotspam.com you (should) see a map where you can "click to annoy a spammer". This visualisation of where the spammers are, makes it more clear that it does not come from 'somewhere', but from somebody real. And you can really do something about it with a little help from Lycos!
People who did not have a picture of spam comes from known places, are really changed. This is not about IT-experts, but about ordinary people who hate spam too (and are possible customers of Lycos, of course...). Wait and see for the adverts from Lycos "Lycos, active spam-killer", and you'll be surprised what will happen in a Spanish* court-room, when a spammer sues Lycos...
*) Lycos is a company from Spain
Actually, that link provided seems absolutely valid and does not show the message stated.
DNS poisoning anyone?
Can anyone in the U.S. who is getting the h4x0r3d message verify this IP?
Does this make sense? I've seen it suggested somewhere:
One of the problems with spam is all the companies selling software that 'sends ten million emails a day'. Given that this is hardly likely to be for legitimate use (does your company have 10 million subscribers?) here's a way to hurt their pockets.
Go to google
Search for bulk email software
Click once on every google ad on the RHS.
Repeat each day.
Every click costs the spam (sorry *direct marketing*) company maybe $0.05. If everyone on slashdot did it, these companies would be hit bigtime. Their ad budgets would be used up, and their conversion rate would be zero.
It's not going to rid us of spam, but it IS one way to fuck up the assholes that make this stuff so easy.
DRM-free indie games for the PC and Mac: Positech Games
Hmmm.. Lycos should have expected this, as others here have pointed out. Others have also said that the way to go is the legal route, which I agree is the only long-term solution.
However, I would suggest that the approach to take is to target the retailers that are using the services of spammers. Spammers themselves are just the middle men and they get paid, I assume, by the folks who actually sell the products in the first place. This also helps with the problems associated with targeting a spam server in Uzbekistan or somewhere.
It would require some interesting reinterpretations of existing legislation or maybe some new laws. IANAL, so I have no idea of the implications of doing this.
It's more like a 'screendestroyer'
I downloaded this yesterday. What does it do apart from use up spammers' bandwidth? It keeps essentially the same non changing image up on the screen. Er no thanks. My shiny new 19" TFT isn't going anywhere near that.
I know CRTs can now cope with static images, but TFTs can't.
The internet should have some serious design changes from an ISP perspective. We should look at making sure that all large ISPs use RBLs, have SMTP rate limiting imposed on customers' accounts and block outbound dst_port 25 on all routers. That could then be lifted in the event of an application from users that require the use of a home adsl/soho mail server etc.
The work required initially and maintaining the list would take some time and resources but in the end the reduction of spam across the internet would be significant.
DDoS'ing spam providers just makes everyone just as bad as each other (not really in my opinion but in theory). At the end of the day we should all make a concerted effort at reducing the amount of spam on the internet. Simply by using RBLs across the board the result would be phenomenal especially when the bigger the ISP the bigger the reduction in spam being received. Less overhead using RBLs instead of spamassassin/imms etc.
I know on my personal server with around 100 users and 10-15 domains I get around 60k of email a week and about 2,000 emails are legit..
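The RBL check proposed in the comment above, as an added example that is not part of the original thread: a DNSBL lookup following RFC 5782, generalized to IPv6 and to a list whose zone has gone bad. The zone names, addresses, reply strings and function names are constructed for illustration.

```python
"""DNSBL ("RBL") lookup per RFC 5782. All zones and addresses are constructed."""
import ipaddress
import socket
from typing import Callable, List

Resolver = Callable[[str], List[str]]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 return codes


def system_resolver(name: str) -> List[str]:
    """A records for name; [] on NXDOMAIN or any lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def dnsbl_query_name(ip: str, zone: str) -> str:
    """IPv4: reversed octets. IPv6: reversed nibbles. Then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def check_dnsbl(ip: str, zone: str, resolve: Resolver = system_resolver) -> str:
    """Return 'listed', 'not_listed' or 'error' for one list."""
    answers = resolve(dnsbl_query_name(ip, zone))
    if not answers:
        return "not_listed"
    try:
        codes = [ipaddress.ip_address(a) for a in answers]
    except ValueError:
        return "error"
    # An answer outside 127.0.0.0/8 means the zone is parked, wildcarded or
    # rewritten by the resolver. Counting it as a listing would reject all mail.
    if all(code in LISTED_RANGE for code in codes):
        return "listed"
    return "error"


def smtp_connect_decision(ip: str, zones: List[str],
                          resolve: Resolver = system_resolver) -> str:
    """Reject when any healthy list has the client; broken lists fail open."""
    for zone in zones:
        if check_dnsbl(ip, zone, resolve) == "listed":
            return f"554 5.7.1 {ip} is listed on {zone}"
    return "220 ready"  # simplified greeting for the example


# Constructed zone data standing in for real DNS, so the example runs offline.
CONSTRUCTED_ZONE_DATA = {
    "99.2.0.192.rbl.example.test": ["127.0.0.2"],
}


def constructed_resolver(name: str) -> List[str]:
    # A lapsed list whose wildcard record answers every query with a web host.
    if name.endswith(".parked.example.test"):
        return ["203.0.113.10"]
    return CONSTRUCTED_ZONE_DATA.get(name, [])


if __name__ == "__main__":
    zones = ["parked.example.test", "rbl.example.test"]
    for client in ("192.0.2.99", "192.0.2.10"):
        print(client, "->", smtp_connect_decision(client, zones, constructed_resolver))
```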
Do this many /.ers really work for spammers, or what?
Frankly, this is a great idea. It's a fitting punishment, in that it uses up spammers' bandwidth, just as they use up the bandwidth of the public.
This is also not illegal by any reading of any laws I've heard about.
It's certainly not immoral, as they are only causing an increase in the operating costs of spammers. A fitting punishment.
If Lycos is using DNS records, rather than direct IP addresses, they're idiots. There's NO REASON for this program to use domain names.
Spammers can't be targeted by legal-means-only, as the internet crosses borders, and you can't possibly expect all nations of the world to introduce laws against spam.
This method, while it will increase network traffic (slightly) in the short-term, will decrease internet traffic, by large percentages, in the long-term.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I don't know who is more ignorant, the people that really don't understand their computer or you, for that attitude.
Just because you don't understand something does NOT make you 'deserving' of harm.
You need to get it thru your head ( and others like you ) that the common man DOES NOT understand the risks NOR SHOULD THEY. They are USERS not TECHIES...
Until you require people pass a test to have a PC, then you can not expect the user to have any knowledge about it.
Would you expect a TV watcher to understand how their TV works? All the digital and analog components? How the electrons are formed and manipulated on their way to the screen? If they don't, they might see something offensive.. got to hold them responsible for lack of specific technical knowledge beyond their normal life.
Or how about nuclear power generation, because they might get shocked by the power..
Get over yourself... You are what gives us all a bad name.
Man, I shouldn't feed the trolls....
---- Booth was a patriot ----
he's a cunt.
I just wondered, seeing how many machines out there are 0wned by spammers, whether someone will have the idea of making a worm that sets up the screensaver or implements the MLNS system invisibly as a service.
Not something I'd condone, but I could well imagine that someone fed up with the spam might see the end justifying the means....
... to post links on slashdot monthly.
Living in Karachi, I am now starting to get a lot of local Spam. People who have just discovered a cheap new way of getting to 200,000 people.
I reply to the email (making sure to change the email address to something like nonon0@spam.cm) and ask them to call me on my mobile phone.
When the call comes in I let them explain about their product (this is costing them money!), then ask them to help me reduce my spam problem....
One way to stop spam would be a law allowing televised horrific abuse and torture of captured spammers. To quote Pulp Fiction "get medieval on your ass". This would certainly dissuade them from doing it anymore, as well as providing the rest of us with some light entertainment for an evening.
I find the older I get, and the more shit I see from people, the less tolerant I am. There should be a concept of someone having essentially surrendered their human rights when they act in ways that are nothing but a misery for others.
I too have felt the cold finger of injustice.
I'm on a clean Winblows 98 box, 500 mHz Pent III, and I'm almost always at 100 percent proc usage.
This similar Swedish spam-hitting screensaver has been around for some time now. (site in Swedish though)
http://makelovenotspam.spray.se/
Most spam servers are in the west because they need good bandwidth. There may be some master spammer systems directing the spam in Eastern Europe, but most will be sitting in the west and so would their businesses.
In truth there are other ways to get around this. An advertiser offering a prescription drug or pirated software on the internet is breaking laws. The sale of unlicensed financial products is also breaking the law.
HA! So, apparently, it touched somebody's raw nerve! Good! I hope someone will come up with a version 2 that'll be a bit more robust. Did you know that the day BEFORE yesterday the screensaver had been downloaded 9,000 times? And yesterday this was 81,000 times! Small wonder our spammer friends got nervous!
Yes, it is well done. If the spammers change their dns to point to lycos, the people trying to buy the spammers product end up going to lycos instead - lycos gets more page views and makes more money. It's like lycos buying up old popular domains to drive traffic to their web sites. Their advertisers get more page views too.
Cha-Ching!
If a lot of spammers try to get revenge like that, you will probably see other sites make similar programs to generate page hits.
This application is NOT a DDoS on spammers! It simply causes *more* bandwidth usage than they normally would have. Lycos has checks in place to throttle back the sending of traffic if the site starts to falter. If the recipients of each of the spam messages sent out were actually visited by the users who received them, it would probably use up more bandwidth than this app does!
./ers... well.. maybe I can :)
The app *isn't* based off of DNS, so people can stop making false claims about it turning into an attack tool.
The listings are hand picked from a variety of sources and manually verified before they make it into the list. There are only high-profile drug rx, mortgage, etc spam sites in the list from what I've seen.
All I see is a bunch of comments of people attacking Lycos without a bit of understanding on how the application actually works, or what safeguards are actually in place. Just a bunch of people sitting back and saying "It'll never work!" and "Let the laws handle it". I can't believe I'm reading this crap coming from
Those ads cost more than a nickel to click on my friend. Depending on the popularity of the search, one click can cost as much as $20.00, (that I have seen myself). My company uses this advertising method and it has been successful so far. Our per click advertising average is about $13.00. That's definitely per click too. I am sure other people who use this form of google ad can confirm this.
If you want to throw insults either let yourself be known or leave slashdot. At least pretend like you have a spine.
What happened to my robot, I was promised a robot.
Looks like so... I tried opening one spam site mentioned in lycos site (www.moretgage.info) and it took me here: http://www.makelovenotspam.com/intl/index.html
How come the guy who you speak of is still ranked at 5, funny and you're ranked at 1. Seems to me that you make a damn good point.
is insignificant next to the power of the Force.
Must. Not. Reply. To. AC oh fuck it.
... ... ...
...
Here goes. Er - you dull witted git.
I know how to use auto power off. Think about it. Just think. 3 seconds.
Got it yet? Got it why something that's billed as a screen saver shouldn't display a static image?
Right.. Good.
"(xxii) interfere with computer networking or telecommunications service to any user, host or network, including, without limitation, denial of service attacks, flooding of a network, overloading a service, improper seizing and abuse of operator privileges and attempts to "crash" a host; and
(xxiii) violate the rules, regulations, or policies applicable to any network, server, computer database, or Web site that you access."
Now, in theory at least, couldn't they state that a program like this screensaver that floods a network against their (the other network's) policies violates these two sections? I know it's not "supposed" to be a DDoS attack, but it is still flooding a network with unnecessary traffic.
Can anyone tell me whether or not that would be accurate?
I have no problem fighting them in this way, so long as the software is careful and uses the more conservative and less political blackhole lists (such as SpamHaus).
Our government has no clue when it comes to technology. It's not the government's job ALONE to protect us. Sometimes we have to do it ourselves.
I'd like to see a version of this that DoS's banner ad services that do drive by malware installs...
Corporatism != Free Market
I knew something was up when the screen saver would not connect to the server to start requesting blacklisted sites.
I know last night for a few hours the site, along with a lot of regional sites were having problems, then just became inaccessible.
Personally I was surprised it was able to last as long as it did, what it does is questionable, but it is a nice screensaver, and not a bad idea.
TruePunk | Games
Not true. I bet that the people who download this screensaver:
1) have a clue
2) care about the problem.
The people who are zombied are:
1) clueless
2) don't care, as long as they can view their pr0n.
"-1 Troll" is the apparently the same as "-1 I disagree with you."
I installed it, and all it does is keep attacking 127.0.0.1.
I think something's broke, anyways off to download more activeX porn downloaders.
Why don't we all peg our congressperson on this idea. Set up a registry for email service providers and have them fall under the jurisdiction of the FCC. Let people file complaints against these email providers and have the fcc investigate. If they are found responsible/negligent in policing their network.... *whack* fine em. and give the reasons why so the isps can then go and sue the people doing the spamming to recover the money from the fine, as well as boot them (if it's in their user agreements).
Cliff Claven
K.E.G. Party Chairman
Founding Leader of: Koncerned for Egalitarin Governance
Ok, time to turn off DS9 and get back to hw...
is that in meatspace? I've been meaning to go there one of these days.
You don't get the blacklists from lycos.
i sp am_screensaver/
"The sites targeted will come from blacklists generated by Spamcop and other anti-spam organizations"
http://www.spamfo.co.uk/News/Software/Lycos_ant
From a previous news article I had read lycos is just making it available to download, and marketing it so to speak, but another company developed it, and I'm guessing since the site is down/compromised, and that you can not access the black list, it's hosted somewhere other than lycos. But I could be wrong.
TruePunk | Games
I don't agree with you at 100%:
* Bob: hey, Jo, I'm receiving loads of mails claiming that they can 3nl4rg3 my p3n|s!!!
* Jo: just install this lycos thingie I saw on Tucows.
* Bob: hey, thx pal!
Your head a splode
This looks like news forgery to me. Is there any indication of a security breach at Lycos? All we seem to have is "an anonymous reader" telling Slashdot that the screensaver was compromised, and at least one blog repeating what has been said on Slashdot. Maybe this is just another PR stunt by Lycos, or a spammer trolling Slashdot?
With Lycos relying on Javascript to get their message out, I sure won't waste my time trying to decipher it. If they can tell me where the spammer websites are, I'll be happy to evaluate their opinion and take appropriate action against those sites myself, after careful consideration. Lend Lycos my hardware and IP address, so that they can mastermind a DDoS attack disguised as me? Certainly not.
At 3:06 AM I was asleep!
The only solution is to filter it out and drop spam packets in the routers of the major ISPs and other networking companies
Oh well, what the hell...
Shouldn't be that hard to write a program that uses spare time/bandwidth to request google searches for phrases like "bulk email software", parse the result and send requests for the ad links. Same result, on a bigger scale, and IANAL but I can't see anything illegal about it.
Similarly, one could make a plugin to work with different email clients, that either integrates with existing spam filters or has its own. Anything judged to be spam would be searched for links that can then be requested during spare time. Nothing illegal about this, and it will only hit actual spammers, modulo the occasional false positive on the spam filter.
The Spammer has more money than I do. Most individuals do not have the resources to take a spammer to court. However, 10 Million individuals taking pot shots in the dark at the spammers by running anti-spam bots, and helping to make the spammer's life miserable will bring a lot of satisfaction to these individuals. Best of all, It doesn't cost anything.
This is the way for average citizens to help the world. Much like SETI and Cancer research, let your unused cycles and a little bandwidth help solve a worldwide blight.
The spammers work on a thin margin, but make money. If we can cut that margin, they will go away.
You have sites that are outside the US.
They use zombie armies to send the spam.
You cannot reach them by law, you cannot stop them by tech. You have to follow the money and stop the cash. The real target has to be the sites that want your traffic. Like stopping crack, when Joe citizen turns on the lights and confronts the problem, it goes away. You call them 'ninnies', I call them heroes.
I took a screenshot yesterday.... http://www.bizfuel.net/mlns/screen1.jpg
A clapped out portal from the Olden Days thinks up a stupid scheme to get attention and page hits from bored geeks, and it pays off in spades. There's no story here, other than that Lycos want to serve you ads by any means possible.
If you were blocking sigs, you wouldn't have to read this.
A hoax is just one way of implementing a DDoS attack. You spread a rumour, and get thousands of people to distribute that rumour, eventually causing end users to hit back against the victim of the hoax (in this case Lycos). Seems they succeeded, and Slashdot readers took part in it.
Whether it actually was a hoax, or Lycos is merely claiming it to avoid giving a more complicated answer, we may never know.
What about those of us who:
1) have a clue
2) don't really care because our email is pretty well protected
3) likes us some pr0n anyway!
That's right, we downloaded this too because we're sick to DEATH of hearing people whine about spam. I'll go blow the bastards up if you'll stop cluttering my news pages with spam about spamming!
...our new overlords?
Ahh..forget it.
It's like pissing in the wind, a guy has to go, but maybe it's better to just turn your back on it.
At least I can tell my email server is working.
For now, I congratulate Lycos for at least doing something.
Now if only we can get Google on board.
I fight this daily, but wasn't/isn't Lycos the same company that distributes Lycos Sidesearch, a BHO/toolbar recognized by most spyware fighting organizations as spyware?
? id=453078521
e r/Sidesearch.html
http://www3.ca.com/securityadvisor/pest/pest.aspx
http://www.intermute.com/spysubtract/researchcent
http://xforce.iss.net/xforce/xfdb/14405
Would I be out of place calling hypocrisy here?
I don't moderate anymore. Karma penalty for 90% fair mods? Can I mod that unfair?
you can create a simple script foo.sh
d ite-email-marketing.com/index.htm&ai=AWB9DMperBJdo H8rmLGQrr28lMMrnqbwiyC BgpFAAAAAAQAAAAABA&num= 3" &
Then direct it to do:
wget "http://www.google.com/url?sa=l&q=http://www.expe
W-lBYM0xTwBDApTsTZAgq9kBEA
in a loop.
That would fix a lot of spam problems. Repeat it 1500 times, and you have cost them $75.00 U.S.
On our servers we don't have any logs of an attack.
Of course not silly, good crackers sneak in, make the kill, sneak out, and cover their tracks.
Seriously, I see several possibilities here:
1) it's a fake report, like Lycos says
2) the crackers really ARE that good
3) the crackers disrupted DNS and Lycos never saw it but some of their customers did
4) the whole thing is a Lycos publicity stunt
My bets are on #1.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Ok, here comes my tinfoil hat moment:
//begin tinfoil hat mode
//end tinfoil hat mode
What if this is all an elaborate scam by Lycos to put a pretty little screensaver on your computer, that just so happens to be a data miner as well, that does nothing really but use very small bits of your bandwidth to look like it's doing something. The aim of this is to get their name brand back into the public eye and MAYBE do some public good by bluffing spammers out of the game??
Cliff Claven
K.E.G. Party Chairman
Founding Leader of: Koncerned for Egalitarin Governance
The "technological" solution to spam has shown itself to be totally ineffective.
...).
"The" technological solution?? Who says there is only one such solution? There are all kinds of different solutions that may be implemented, some more effective than others. The problem is that the ones-that-matter don't want to try many of the solutions, for whatever reason (too costly? success puts a big dent in their profits?
Why not go after the companies that employ the services of the spammers and hurt the spammers where it hurts the most - their cash flow. If companies are threatened by litigation from class action suits of spammed email owners (with the company being directly linked to the spam via their advertised products or services), surely they will think twice about paying spammers to do their work?
do you really think J Blow user is going to know to get his screensaver updated or are a large chunk of them going to run the initial screensaver as long as they ran Win 98 unpatched (forever)
I'm sure this screensaver wouldn't work that way. Pushing updates to locally-stored spam server lists would require quite an effort (Symantec, McAfee et al know the effort involved in keeping their antivirus products updated--and because of that setup antivirus is far from 100% effective due to non-updated clients out there). I think in this instance the screensaver would reference a centrally-maintained list on a lycos server somewhere every time the screensaver was invoked. It would work best this way because the list would be much shorter than a virus definition file and would change much more frequently.
Furthermore, unless the developers are brain-dead I'm sure they wouldn't try to deploy spam countermeasures to a host that isn't acting as a mail server. The screensaver probably tests for open relays or at least that the host has an open port accepting SMTP connections before trying to send requests. So, the worst Grandma would have to endure would be a handful of packets during a port scan. That is, unless Grandma prefers to run her own email server (which I'm sure Cox cable would not allow). And if Grandma is indeed running a mail relay because her PC is infected with a worm, the traffic would alert her and Cox quite quickly that there is a problem anyways...
What I don't get is, I don't see anyone mentioning Lycos Sidebar, and spyware like it. Lycos are just as scummy as hackers, and frankly, I whole heartedly would laugh in their faces if the claim is true. They deserve it. They deserve worse.
You don't honestly think Lycos would release what they're claiming here, without slipping in a little "extra functionality," do you?
If you do, I laugh at YOU.
First, is it a DOS attack when all the program does is make a request for data to a webpage?
Second, the consumption of data from the verified sites comes from spamcop lists AND is human verified.
Finally third, right or wrong, each of us has the choice to either use the program, or not.
Like so many here I think this isn't the right way to do it, but I am running the screensaver because I want things done. Law has obviously not worked, filtering works mostly and thunderbird currently doesn't have hashcash or similar built in yet (have requested).
He downloaded and ran it. That problem was solved. Shame he didn't realise that there were other viruses in there too (or wasn't told that there might well be). Still, it's more than many ISPs do...
Paul "Say no to feeping creaturism"
Today, you do not need to be licensed to operate a PC.
You do to drive a car. ( legally that is )
My statement was not that they should or should not be licensed, only that today they are not, and because of that you can't expect them to have a 'level of understanding'.. that level has not been legally defined.. yet.
---- Booth was a patriot ----
While I agree that the news does have a lot of data about it, that does not mean it's understood..
Most people really don't have a clue what they are talking about on the news.. other than bad stuff is going on...
There is a large part of the user base out there that still doesn't understand how to even save a file... expecting them to understand about having to buy a 50 dollar program to stop something called a virus, that often doesn't affect their pc usage directly ( just being a spam zombie doesn't affect them playing their game.. ).. good luck..
---- Booth was a patriot ----
Granted that Outlook Express is lame to most "power-users", I submit that not many have really used their filtering fully - with a home-made set of whitelist filter rules put in place before a catch-all "suspect" filter, I get less than one false positive per week and ZERO false negatives. In my Outlook Express client. "Always with you it cannot be done." -Yoda
Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
Was surfing around and managed to find an alternate site where you can grab the infamous anti-spam screensaver : http://www.mungdungus.com/MLNS.zip Enjoy :)
The idea is brilliant; since 90% of the people who find out about hacked sites find out after the compromised site has been fixed, and many don't even bother looking at the hack mirrors, you don't actually need to compromise a site in order for it to be reported as "hacked". Just directly target Slashdot and similar news sites and convince them the site has been hacked, and you get all the effect and infamy of an actual hack with none of the work or legal dangers.
It's meta-hacking, or something. I love it.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Dos'ed, Hacked and slashdotted... The 21st century equivalent of Hung, Drawn, and quartered?
Spamming is prevalent because it is literally free of cost to the spammers. This tool threatens to raise the cost of spamming end via excessive bandwidth demands at the spammer server end. If the cost of spamming became prohibitive then spam would be extinct and they would not have the resources to retain hackers to carry out their malicious efforts like deceptive URLs and hijacking innocent PCs as spam boxes.
The Lycos tool makes that threat very real. The spammers know this and they have focused their attack on the tool.
If they take legal action arguing that attacks on their ISPs were damaging their livelihood, the same can be said of spammers' attacks on our inboxes and compromised PCs. When you accuse someone by pointing at them, there are always three fingers pointing back towards you.
Legislative actions are ineffective thanks to lobbying efforts from direct marketing organizations of which spammers are a member. The CANSPAM accomplishes nothing and trumps more aggressive state laws. If the government cannot provide relief, then the private sector will seek alternatives without their help.
It was only inevitable that this happened.
Begun, the spam war has.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
This guy has many friends for having me put at -1, flamebait while all I did was, as you said, make a point. Oh well, I guess I'll have to post somewhere else to receive the small credit I deserve for thinking more than talking. :)
Of Code And Men
So beautiful, so irritation, so annoying, but smart, very very smart
Specifically, the message now says the following:
What's controversial about killing vermin who have forfeited the right to be considered human by their actions?
That's all killing spammers means.
Tech Public Policy stuff
Which URL did you type in? None of the links provided by "anonymous reader" provided a clue as to the origin of the quoted text.
Anybody can write a message like that. The interesting part is not what the message says, but where it comes from.
Try finding out exactly what URL you are looking at, and preferably also what IP address the server name resolves to (in case someone has messed with the DNS). Then fetch a copy of the page, HTML and everything, using wget or some similar tool. Examine it offline, perhaps using a browser with a non-contaminated cache, to determine if the message is indeed found in that page.
I have always considered page visit counters evil. Even more so when they come as inline images, from an external site. It's ten o'clock. Do you know where your inline images are?
It's the ultimate irony to realize that a company creating a product which potentially violates the law, as an effort to stop other companies (spammers) who violate the law, might be the first one to have legal action taken against them.
The idea could easily be adopted in such a manner to be legitimate though. The program could "monitor" a web site for changes and cache the pages. Then it's not bandwidth wasted. The program could have options for legitimate sites and a configuration file that could be plugged in, one with settings for popular sites with a conservative method of polling and another *cough* with "other" sites and an auto-delete of the cache feature. Seems like it could be legally doable.
The bottom line is that spammers are stealing everyone else's bandwidth. Law enforcement doesn't give a damn. Something must be done. Passing more laws hasn't fixed the situation. It doesn't seem unreasonable to strike back at spammers using the same approach they use -- which can be skirted around jurisdictions just like they do. The only problem is the potential for abuse, but you have that already because of spammers forging headers.
I have to post this anonymously because spammers are a vindictive bunch of asses who would counter-DDOS those who oppose them. For this very reason, it seems imperative that among the tech community, we need to come up with our own solution that hits spammers where they live and consumes their resources.
Lycos' product is a step in the right direction. And it can be done efficiently and effectively if you decentralize the spam source -- let users put in their own web addresses to suck bandwidth from.
I hate to be vigilante about it, but when the law enforcement people are clueless or ineffective, something must be done. Suck their bandwidth dry!!!
Seems to me like the only true way to combat the spam problem is to ditch the current e-mail system in favor of registered e-mail, where all e-mail traffic has definite identification (IOW, you have to log into an account registered by the e-mail provider not just to receive mail but also to send it).
Spammer accounts would then be definitely identified, and compromised/stolen accounts can be blocked and/or tracked more efficiently. Other methods could be placed that would allow for more security while still allowing for proper e-mail to flow.
Here are the list of the sites that this "screensaver" targets.
Who will be first with the screensaver that launches DCoB (Distributed Clicking of Banners) attacks on bulk emailers' AdWords?
Caveat Emptor is not a business model.
...but not to me.
;)
What is wrong with DDoS'ing spammers? - After all they are seriously DDoS'ing all of us when we have to spend way too much time deleting their junk from our inboxes. They started it and we finish it.
I've happily downloaded the screensaver, and my only problem is that it doesn't actually kill the webservers it hits. Removing all income from spam while driving up their bandwidth bill is the way to go. They'll all be broke in short order and hopefully never ever recover.
I hope a few of their ISPs actually hire goons with baseball bats to collect the fees the spammers end up owing, and make sure those goons know that the spammers think they're overweight and have a small penis which they cannot get up... Hopefully it'll make them hit a bit harder and in more sensitive areas...
It's because the most common attribute of moderators here is utter stupidity. He did make a good point, and one that I've made elsewhere here. Too many of the posters don't bother to understand what they're commenting on and too many just don't have enough functional brain cells to rub together to make a spark. The combination is deadly: they get their facts wrong and then they fail to reason their way to a meaningful and coherent point.
I really enjoy reading all the comments about the legal implication of what I'm currently doing using Lycos' screensaver.
;-)
Some people insist it's unethical and even illegal...
Can someone please explain to humble me:
Since when did self-defense become either unethical or illegal?
These "entities" attack my mailboxes and my mailservers on a day-to-day basis.
Now that there's a simple way to fight back, I have suddenly mutated from victim to villain?
If someone breaks into your home won't you use any means necessary to delay or stop this intrusion?
If I sound the alarm and start shouting and hitting him, am I "disrupting the peace" and "attempting to cause bodily harm"???
Oh, one more thing.
The earth does not revolve around the US Legal System.
I really, truly wonder how the "laws" will be enforced upon entities of rogue (spamwise) nations like China and South Korea...
The day I see China extradite Wu Su Kwan on spam charges to the US, where he'll be immediately shipped to Guantanamo, I promise to stop using the screensaver.
Till then...
A screenshot (or why not a plain copy) of the HTML source code, including any Javascript code present, would have been more enlightening. Can you read Javascript? If not, how can you trust your computer to know what it's talking about?
When you encounter weird things happening with your web browser and you want to analyze it, the first thing to do is to disable various features such as Javascript, ActiveX, even inline images if you are really paranoid, then view the HTML source to see what is really happening here. Personally, I have disabled Javascript by default, enabling it (with prompting) only for sites in my "secure" zone. It means I sometimes have to press a "Yes" button to confirm that I want some code to be executed, but at least I have a fairly good idea of what my browser is doing. If the web page uses frames, I sometimes cut and paste the URLs of individual subframes to avoid loading several frames simultaneously.
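The offline check described in the two comments above (save the page, then see whether the quoted message sits in the HTML itself, is written by script, or must come from something the page loads), as an added example that is not part of the original thread. The URL, host names and sample page are constructed, and `locate_message` is a hypothetical helper.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags (and the attribute) through which a browser loads further content.
RESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "frame": "src", "embed": "src", "object": "data",
                  "link": "href"}
ACTIVE_TAGS = ("script", "iframe", "frame")  # can add text to the rendered page


class PageInventory(HTMLParser):
    """Split a saved page into static text, inline script and loaded resources."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.static_text, self.inline_script, self.resources = [], [], []
        self._inside = None  # "script" or "style" while inside that element

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._inside = tag
        value = dict(attrs).get(RESOURCE_ATTRS.get(tag, ""))
        if value:
            # Resolve relative references against the URL the page came from.
            self.resources.append((tag, urljoin(self.page_url, value)))

    def handle_endtag(self, tag):
        if tag == self._inside:
            self._inside = None

    def handle_data(self, data):
        if self._inside == "script":
            self.inline_script.append(data)
        elif self._inside is None:
            self.static_text.append(data)


def _norm(text):
    """Collapse whitespace and case so line wrapping does not hide a match."""
    return " ".join(text.split()).lower()


def locate_message(raw_html, page_url, message):
    """Report where (if anywhere) `message` originates in a saved copy of a page."""
    inv = PageInventory(page_url)
    inv.feed(raw_html)
    inv.close()
    needle = _norm(message)
    in_static = needle in _norm(" ".join(inv.static_text))
    in_script = needle in _norm("".join(inv.inline_script))
    page_host = urlparse(page_url).hostname
    # Anything fetched from another host, e.g. a counter image.
    third_party = sorted({(tag, url) for tag, url in inv.resources
                          if urlparse(url).hostname not in (None, page_host)})
    # Scripts and frames that would have to be fetched and read next.
    follow_up = [url for tag, url in inv.resources if tag in ACTIVE_TAGS]
    if in_static:
        where = "static-html"
    elif in_script:
        where = "inline-script"
    elif follow_up:
        where = "check-external"
    else:
        where = "not-found"
    return {"where": where, "third_party": third_party, "follow_up": follow_up,
            # Hash of the examined copy; hash the bytes exactly as fetched in practice.
            "sha256": hashlib.sha256(raw_html.encode("utf-8")).hexdigest()}


# Constructed sample: the message is produced by inline script, not markup.
SAMPLE_URL = "http://www.example.com/download/index.html"
SAMPLE_HTML = """<html><head><title>Download</title>
<script src="/js/menu.js"></script>
<script>
document.write("<h1>Your ip address and request have been logged</h1>");
</script></head>
<body><p>Get the screen saver here.</p>
<img src="http://counter.example.net/hit.gif?id=1" width="1" height="1">
<iframe src="http://ads.example.org/frame.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    report = locate_message(SAMPLE_HTML, SAMPLE_URL,
                            "Your ip address and request have been logged")
    for key, value in report.items():
        print(key, "=", value)
```

A match in inline script is a plain substring search, so text assembled from pieces at run time shows up as `check-external` or `not-found` rather than `inline-script` and still needs a manual read of the script.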
You're quite right. All these morons wringing their hands and whining that Lycos is conducting a DDoS are shameful wusses, probably opposed to self defense in any form. They are all careful to say that they hate spam, but Heaven forbid anyone should actually try to do anything about it!
To all the hand-wringing morons: spam contains explicit invitations to visit spamvertized websites. That's it. That's all one has to know. They advertise, we visit. I've been doing it for a long time with wget. Anyone who can write a shell script can do it. But the Lycos screen saver packages it up and puts humans into the loop to exercise control that I don't have time to do.
This will hit spamvertizers where it hurts. It will work. Live with it. All the wuss morons should look themselves in the mirror each day and ask themselves what brain defect causes them to instinctively oppose anything that actually works and to leave the field open to criminals who have no principles.
Self-defense is neither unethical nor illegal merely for being self-defense. In some cases, an act that is otherwise unethical or illegal may be considered both ethical and legal if performed in self-defense, but that's the exception to the general rule. Every act does not become legal merely for being self-defense.
They sure do, and my mailboxes suffer as well.
There have always been ways to fight back. I don't think you have mutated into anything, but if you have, it's not because Lycos has invented the concept of retaliation.
That's self-defense, analogous to rejecting inbound junk mail by means of blacklists, tarpitting, what have you. Your screensaver from Lycos doesn't prevent any junk mail from polluting your mail server, but instead takes part in collective retaliation against spammers in general. Retaliation is not self-defense, except on the macroscopic level. To use your analogy, Lycos is organizing a mob of angry villagers to gently harass the landlords of known burglars.
You are trying to justify the act of retaliation by describing it as self-defense, which it is not. I'm not saying that retaliation is wrong (I engage in it myself at times), only that your justification for it doesn't hold.
The problem with the Lycos approach, as I see it, is that it's unclear who is responsible for the retaliation here. Are you acting as an informed individual, taking appropriate measures against someone you feel threatened by, or are you merely supporting Lycos financially by lending them your hardware to use as they see fit? Note that Lycos telling you they will only use your support for things you like doesn't mean a lot; they could be lying or they may simply be incompetent. Do you have any way of verifying that their screensaver does exactly what you expect from it, and do you assume full responsibility for its actions?
I asked the programmer behind the screensaver about this, and his argument was that the vast majority of Internet users don't have a clue as to how to fight back in a proper way, which is why they have written software for it. The purpose of the software is thus not to automate a task the user would otherwise be doing manually, but to automate a task the average user doesn't even understand. Those users cannot be regarded as "informed" about what activities they lend their resources to, just as they generally don't have a clue what the operating system they run is up to.
If you happen to know exactly what you are doing, you belong to a minority, and your action alone won't make much of a difference anyway. Put yourself in the position of the average user, and ask yourself the question: Am I willing to trust Lycos to do the right thing, without myself understanding the consequences of my support for this? If you don't trust them, you shouldn't be running their software. If you do trust them, I wonder what basis you have for that trust. It's not that what they are doing may be illegal, it's that you seem willing to take legal advice from them and let them dictate your actions.
I'd be happy to design my own retaliatory software and use it with the same blacklists and other information available to Lycos, simply to know what my computer is doing and assume responsibil
That's the current list. It was my understanding that the screen saver would access the server at some point (that collects the data generated about requests made, usages and so on) and update the blacklisted sites that would be getting the HTTP requests.
Not sure when this happens, or how often, but I would guess it would be somewhat often, in case they were forced to remove a site, or add new ones (maybe each time the screensaver restarted?).
A side note:
There are now over 103,000 screen savers running, compared to the 15,000 running about 4 days ago, so it seems to be taking off rather well.
TruePunk | Games
http://www.fool.com/News/mft/2004/mft04120213.htm
Lycos has people verifying every single URL they DDOS; all this /. hype about abuse is so not warranted.
Personally I think the Lycos screensaver is a completely stupid, illegal, bandwidth-sucking idea. O.K., everyone hates spam, but (and I quote from http://www.theregister.co.uk/2004/11/26/lycos_europe_spam_blitz/) `...33TB of 'useless' IP traffic...`, that's a bit over the top. If this thing grows in popularity, there could be (potentially) an Internet Crash !!!
-- There are 10 types of people in the world: Those who understand binary, And those who don't.
even better
However, I DO love Saddam and want to put him back in charge.
If you were blocking sigs, you wouldn't have to read this.