Slashdot Mirror
Blue Security Gives up the Fight
bblboy54 writes "According to The Washington Post, Blue Security has closed its doors, which can be confirmed by the Blue Security application failing to work today and their domain no longer resolving. Blue Security's CEO is quoted in the article: "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing." You have to wonder where it goes from here. It seems an effective method has been found but more than a small private company could handle. Will someone else adapt this concept, or does the internet world give up?"
The problem would be how to make a distributed system that can't be poisoned or decieved by
an attacker.
One of the nice attributes of having a central server is that BlueSecurity could validate
that the site was a legitimate target before unleashing the flurry of opt-out requests.
*sigh* back to work...
but anyone who's still getting spam in their inbox should install some nice filtering software.
That's not the point. If you run your own mail server or rely on filtering at your client end the spam uses up your bandwidth, your storage, your CPU resources to filter it, etc. Spammers like to use zombie machines around the net. Their operations cost them very little as they steal the capability from everyone else.
Trolling is a art,
Blue Security Ceases Anti-Spam Operations
When we founded Blue Security in 2004, we believed that if we automated a way for users to rise up and exercise their rights under the CAN-SPAM Act, we could reduce the amount of spam on the Internet.
Over the past few months we were able to leverage the power of the Blue Community and convince top spammers responsible for sending over 25% of the world's spam to comply with our users' opt-out list. We were making real progress in eliminating spam from the lives of our users.
However, several leading spammers viewed this change as a strategic threat to their spam business. The week before last, these spammers launched a series of attacks against us, taking down hundreds of thousands of other websites via a massive Denial-of-Service attack and causing damage to ISPs, website owners and Internet users worldwide. They also began a relentless campaign of email intimidation against many members of the Blue Community.
After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.
As we cannot build the Blue Security business on the foundation we originally envisioned, we are discontinuing all of our anti-spam activities on your behalf and are exploring other, non spam-related avenues for our technological developments. As much as it saddens us, we believe this is the responsible thing to do.
You need not do anything as a result of this change. We will continue to protect your names and addresses and honor all privacy commitments we made to you.
We have concluded we should not take Blue Security to the full deployment stage we originally planned to achieve, but we are proud of what we have accomplished thus far as a young startup company.
We are extremely proud to have had the chance to work with such a devoted and dedicated community: thank you for the vote of confidence you gave us over the past few months as well as the particularly vocal support you have shown over the last two weeks.
We will be innovating and building our technology in new, other directions and will continue to give back to you, our Community.
Thank you for your support,
The Blue Security Team.
You mean like the screensaver from Lycos that died a horrible death too?
I am an admin on a low user irc server. We have been attacked by spam bots on a number of occasions. Our global ban list is at 50,000+ ip addresses. How are we suppose to track down each ISP? They are virus infested machines all over the world.
I made my university start the exact same policy. Shut down ports of the machines which were infected with klez. The problem was that students would just think their port was broken and plug into their roommates, etc. Obviously the school should have moved their MAC address into an infected pool and given them their own subnet with a webpage telling them that their machine was infected and to call tech support. But considering the somewhat large resources of people needed to get the machines back online (go and scrub the machine, most people were afraid to even touch them, and klez was a pain to remove). Not to mention the fact that people view their machines as appliances, not something needed to be maintained.
ISPs are using the blocking of outgoing smtp traffic on port 25 for this very reason. But to really shut down this problem the ISP would also have to be able to provide technical support to remove the virus, or atleast something of that nature. Let alone the customer won't even think their computer is infected (how could it be, i don't download anything!!?) and the flurry of angry phone calls would ensue.
We had users at my campus that had blocked ports for a month before we were able to get in touch with them, they just thought their computer was broken. Or we get a phone call from an angry parent whose little suzy or billy can't send them email and update their facebook.
The idea is possible, but it is a nightmare in reality to have to support.
What we need is to implement an open source p2p DOS network. Everybody can submit a link that they found in SPAM mail, with their DOS client. This way, the more a site is spamvertised, the more it is DOS-ed.
Of course, the amount of DOS the site gets should be comparable with the bandwidth needed to send the spams, so there are no abuses of the system. Just send their crap back to the sites they run.
That simply won't work because it will get exploited very easilly. I assume only links that have been submitted a large amount of times will get DDOSed. Someone will create a large amount of fake accounts on the P2P network, submit links to their target (or maybe spoof all the link submissions without needing to create fake accounts), and get a free DDOS network to attack whoever they want.
#!/
Why has no one tackled this problem?
Because its in nobody's financial interest. A zombie computer causes most of its harm to other networks, not the one its on.
Most of the ISPs are now large telcos and cable companies who hire support staff at would-you-like-fries-with-that wages. They don't have the capacity or the incentive to disinfect a zillion Windows boxes. It's much cheaper to buy a bigger pipe.
Of course, Microsoft owns the root problem. They sold a supposedly consumer-grade operating system that consumers can't maintain. Windows needs a dialog box that says, "You computer has been invaded by evil fuckwads. Would you like to kick them out?" where the two choices are "Yes" and "Ok".
I understand the idea was to SPAM the Spammers.
But who exactly did they span? The spoofed addresses? The owner of the original IP?
In the USA there is legislation that attempts to legitimise sending of unsolicited commercial email. This is the Can-Spam act and says among other things that if you want to send such, you must provide an opt-out method for people who dont want to receive it.
Obviously this only applies to US businesses who want to send junk emails, but there are plenty of those - and they think that because they follow the rules and provide an opt-out that its legitimate business.
Now, these companies contact or are contacted by somebody who is willing to send out bulk emails on their behalf for a fee. Often this turns out to be a scumbag bot operator in another country and as such is not subject to the US rules. These guys are beyond any law except the law of supply and demand.
What the Blue Frog people did was set up a system where you could forward junk mails to them, and they would discover the originating business and automatically fill out an opt-out request for you. This costs the US companies who are trying to run a business time and money to process and makes it less attractive for them to pay the spam kings to send the bulk mail and thus reduces demand.
Less demand is less money for the spam king and one or more (I would not be surprised to find a cartel) decided to attack Blue Frog.