Slashdot Mirror

← Back to Stories (view on slashdot.org)

BlueSecurity Database Compromised?

Posted by ryuzaki0 on from the bad-news dept.

EElyn writes "Numerous users of Blue Security's anti-spam system now report of a new form of aggressive spam. An unknown group of spammers claim to have derived a way to extract the member email addresses of Blue Security group's anti-spam system, called Blue Frog. Blue Frog, a small tool which once installed on the user's computer, enables Blue Security to systematically flood a known spammer's website with opt-out messages; much to the headache of the spammer. Tens of thousands of users have already signed up, so can it really be true that spammers now possess this database? Or is this yet another frail attempt by spammers to intimidate the user?" Another reader sent the text of the letter; read more to see.

Stray1 writes ""You are recieving this email because you are a member of BlueSecurity...." An email from unknown detractors has taken the Bluesecurity anti spam lists and decided to take matters into their own hands. I recieved this Email from an anonymous, and garbled host, which went on to say in not so fantastic english that I, as a Blusecurity member, would recieve this and many more (about 20 -30) spam messages a day until I left the blue security community. Blue Security, (www.bluesecurity.com)a website and community designed to lessen your Spam Email, is down for the moment. Is this what we have come to? Spam,(erm 'high volume email') companys holding your address hostage until you comply? "...We mightve had your email addresses before in our lists, but now, we are targetting YOU, because YOU are a bluesecurity user". I have to say, up until this point, my spam was down by about 70% to 80%."

2 of 375 comments (clear)

  1. It is true by karldavidson · · Score: 0, Troll

    I received that strange message yesterday, and sure enough I am now receiving a lot more spam It is all very similar too. I thought the message was a hoax, I checked the bluesecurity web page yesterday on they had a message stating that these spammers are using their own databases guessing that they would hit a bunch of the bluefrog users. I think it is obvious now that this is not true, the bluesecurity database has been compromised.

  2. The point is, they're right by ZWithaPGGB · · Score: 1, Troll

    I hate spam as much as the next guy, and have even helped design some solutions to the problem for service providers, but the points made in the back-spam are valid.
    1: By mailbombing suspected spammers, you guys are committing a crime.
    2: The potential for innocent victims in this scheme is huge.
    3: You are trusting a group of people whose credentials you don't really know. It's entirely possible, even probable, that they are, in fact, using your systems for purposes you don't support.
    4: Even if 3 above isn't true, all it would take is a compromise of the system, which is a pretty juicy target, to make it true.
    The probelm with a war on spam is the same as the problem with a war on terror. How do you tell who the bad guys are, and who gets to decide? It's not the same as a war against a state actor that engages in unrestricted U-Boat war. In fact, it's more analagous to having a bunch of destroyers depth charging where there are both U-Boats and friendly submarines, and hoping the gunnery officers get it right.
    The problem with diffuse threats is that you can ONLY defend, not attack, and no defense is perfect.