Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Attacks on Spam

Posted by michael on from the war-machine-springs-to-life-opens-up-one-eager-eye dept.

AttackOfTheDictionaries writes "Project Honey Pot started operating back in November. The Project provides its participants with a script that generates fake webpages with unique honeypot email addresses. The end result is that Project Honey Pot can connect email harvesters' IP addresses with the spam received by those honeypot email addresses. Which is pretty nifty, but left some people asking how that would help legal attacks on spam. Well, it seems that some lawyer over at SecurityFocus has an answer."

11 of 153 comments (clear)

  1. Fighting Spam by superpulpsicle · · Score: 2, Insightful

    I have enough hard time setting up my website with decent security while allowing only Googlebot to come. Is it me or does this seem like alot of work to fight spam. Seriously shouldn't my ISP do that for me. Comcast does a mediocre job. The idea is to have me do nothing.

    1. Re:Fighting Spam by L.Bob.Rife · · Score: 3, Insightful

      Businesses are driven by business decisions. If you want an ISP that will fight spam, then you have to stop giving money to your ISP that doesn't fight spam.

      The reality is that while it would be nice if other people did everything for us, many times you have to take matters into your own hands.

    2. Re:Fighting Spam by SharpFang · · Score: 2, Insightful

      Is it me or does this seem like alot of work to fight spam.

      Sure! The method doesn't unload the effort in fighting spam at all, just opposite, adds work. So why...? Because it's profitable. You could make quite a decent living off lawsuits against spammers who fell for this. The idea is the spammer 1) can be identified 2) agrees to pay damage for every email harvested (implicitly. The bot does.) That won't solve problem of spam for your LAN. That will just make fight against spammers giving real financial profits (and serious financial damage to the spammers), resulting in more people interested in fighting spam (just for profit) and as result destroying spam as the whole.

      Wouldn't you welcome spam gladly if each spam you receive came with $50 paid to your account? Now you can.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  2. Until they farm harvesting out to zombies... by PornMaster · · Score: 4, Insightful

    When they farm out the harvesting work to zombies, it'll make this rather useless, no?

    --
    500GB of disk, 5TB of transfer, $5.95/mo
  3. Friggin' No Good Lawyers! by mekkab · · Score: 4, Insightful

    So wait, the spider/e-mail harvester's access of your web pages are illicit, YET the license on those pages is now binding? Including paying fees and agreeing to be sued?

    If this isn't an abuse of our legal system, then honestly, I don't know what is!!

    --
    In the future, I would want to not be isolated from my friends in the Space Station.
  4. This would be a bad thing (I am not a lawyer). by Sheetrock · · Score: 4, Insightful
    Even ignoring any possible First Amendment issues (which can be done if we discuss this hypothetically occuring only in other countries) imagine what kinds of doors are opened when you permit automatic sight-unseen licensing to take effect on material on the WWW?

    Here's a hint: website indexing as we know it will be completely destroyed the instant site owners can claim complete discretion about how their website information is used even though the websites are publically disclosed. Any automated webcrawling process could potentially subject the person running it to liability. Which means any future indexing will have to be vetted by hand.

    I could be misinterpreting this, but I think it would be very bad news to allow websites to bind people to contracts they aren't able to read or understand (even if we have a similar horrendous system for end-users of software). It's one thing to write a law restricting such behavior on a general basis, or specifying some way for people to opt-out of information collecting with a robots file, but even that is subject to confusion.

    Technical answers are needed for technical problems.

    --

    Try not. Do or do not, there is no try.
    -- Dr. Spock, stardate 2822-3.




  5. Re:Follow the Money by Anonymous Coward · · Score: 3, Insightful

    I've often thought about this too. My main concern is it's too easy for any individual to successfully attack a company by simply spending just a few bucks to have a spammer send out some bogus spam ads.

  6. Re:Where is the Mafia when you need them? by Zocalo · · Score: 4, Insightful

    And what makes you think the Mafia isn't involved in actually sending the spam in the first place? Take a step back and look at the kinds of technical and organisational infrastructures that are used in spamming. We have address harvesting, botnets and the worms and malware to generate them, scams, counterfeiting of goods, moving goods (pills) from one country to another, hosting of services in countries all over the world. Oh, and much of this illegal too, and not just under legislation like CAN-SPAM. If that's not organized crime, then I don't know what is.

    --
    UNIX? They're not even circumcised! Savages!
  7. Spam Hit List by Renraku · · Score: 2, Insightful

    There are all kinds of issues when trying to deal with spammers themselves.

    First, you have to find them. And prove that they sent the spam knowingly (and it wasn't a virus or worm or something). Then you have to hope and pray their local government and/or ISP (if outside the US) gives a damn about their activities.

    That's a pretty big feat to accomplish in itself.

    Then you have to be able to prove (probably in court) that it was their spam operation. That can be harder without judicial help.

    You might get some satisfaction if their operation is shut down after all this, but they probably have others in on it, ready to take the business over. Start from scratch.

    Spammer pays his court-ordered dues, and goes right back to spamming, being a little more careful.

    This is too lengthy a process for spammers. I think that if the ISP doesn't do anything, and the local government doesn't care, it should be up to the users of the internet to stop the spammer. Now, this can be RBLing the spammer, or causing his hard drive to detonate inside of its case. Some society should be set up to reward people that take down spammers. Kind of like a mercnet, only with emphasis on not physically injuring the person, but rather on shutting down their operation.

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
  8. I dunno... by brunes69 · · Score: 3, Insightful

    I smell BS in this article.

    I mean, according to this, that means that someone could put a fancy legal document under a manhole cover saying "if you drive over this manhole, you agree to such and such".

    It's about the same thing - you never saw the agreement, so how could you have ever agreed to it? Surely they can't argue that a software program can enter into a legally binding agreement on its own - that would open up a whole other can of worms.

  9. Bottom Line by xant · · Score: 3, Insightful

    Address harvesting is illegal in some jurisdictions. If you're running a honeypot in that jurisdiction, and you can prove someone harvested an email address from you using the honeypot, it makes no difference whether they agreed to your license. They broke the law. If you go after them, you can nail them.

    --
    It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.