Slashdot Mirror

← Back to Stories (view on slashdot.org)

BlackFrog to Take up BlueFrog's Flag

Posted by ryuzaki0 on from the internet-routes-around-stupidity dept.

Runefox writes "ZDNet UK has a story about a new SPAM defense mechanism called BlackFrog, a response to the demise of Blue Security's BlueFrog. According to the article, the new service is based on a P2P network of clients, called the 'Frognet', which allows the opt-out service to continue functioning even after a server has gone down, making a DDoS attack like that which crippled BlueFrog ineffective against the new service."

10 of 178 comments (clear)

  1. Link by Anonymous Coward · · Score: 4, Informative

    Link to the project website.

  2. Once you go black, you never go back. by DigDuality · · Score: 5, Informative

    Just as a correction folks, it's not called "Black Frog" this is a mix up. There was two projects. Black Frog and Okopipi aiming for the same goal. Black Frog stopped and the people joined Okopipi.

    1. Re:Once you go black, you never go back. by DigDuality · · Score: 5, Informative

      an Okopipi is a poisonous blue frog.

  3. Re:source from bluefrog? by DigDuality · · Score: 4, Informative

    BlueFrog was open sourced and under the mozilla license, and yes they have the source code.

  4. Re:Poisonous frogs? by lhorn · · Score: 3, Informative

    That's the whole point of an analysis before sending opt-out messages from all members. I am not familiar with Black Frog intended function, but if a certain percentage of their members gets similar messages it's a fair bet it is spam. A FrogHerder must look at the message to ensure it is sufficently spammy, before action - this may even be legal somewhere in the world.

    --
    accept no limits but time
  5. Blue Security's reason for shutting down by Paran · · Score: 3, Informative

    I thought the reason Blue Security closed shop was because the spammers had diff'd their user database, identified quite a large amount of the participants, and then threatened virus attacks directed at them. Not because of the DDoS.

    Blue Security Gives up the Fight
    The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.
    ...
    "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing."

    I'm guessing the only real difference is that users will know this time around.

  6. Re:Spamming the spammers? by forghy · · Score: 3, Informative

    The goal is to spam the spammer *sponsors*, not the spammers themselves. This is the exact reason why the blue frog was so successfull.
    Once you receive a mail advertizing pills or wrist ornaments , the Blue/Black frog client sends an opt-out message to the advertized mailbox.
    Let say this online shop sends a million spam messages by means of a spammer, he (the shop owner) receveives 1 million opt-out messages back !


    Days are counted for the spammers ! MUahAhahAHhaHAh

  7. How to prevent DDOS on the servers. by Spy+der+Mann · · Score: 4, Informative

    We're (yes, I'm part of the team - hello slashdot!) currently discussing using the main servers thru various proxys to anonymize the IP address. On a DDOS attack, the servers would just disconnect and then reconnect to another proxy and voila.

    Also, the servers are the ones with the Central PGP authority. The network can still operate without servers, they're just needed for login (for now).

  8. For the Nth time, we're NOT GOING TO DDOS!!! by Spy+der+Mann · · Score: 5, Informative

    Disclaimer: This is my personal opinion and does not reflect the viewpoints of other members of the Okopipi project.
    --

    Sheesh people! I hate to have to respond to 1,000 comments made by kneejerks who don't even RTFA, saying how terrible it's to DDOS and how the system could be abused.

    Do you think we're idiots to let something like this happen?

    1. The "attacks" on websites will be moderated. We want to make sure that the force is non-lethal to websites. We haven't discussed the implementations, but the decision has been taken: We will use throttling to PREVENT denial-of-service attacks.

    2. The P2P network does *NOT* control the clients, it'll only distribute opt-out scripts for websites. Also, the customer can log out ANY TIME they want. So, NO, it's NOT a botnet.

    3. Spammers Don't need P2P networks to initiate an attack. They already have their effective botnets in infected WinXP machines.

    4. There will be a reputation system AND a hierarchy system (so not everyone can mod someone down), people will have to earn their trust to classify scripts, those who report wrong sites will be modded down, and the usernames and reputations are permanent. The hierarchy system we're studying requires at least two people acting as an individual before taking any action, to prevent infiltrations.

    5. We're already considering infiltration of spammers in our model, we're researching papers written by experts in graph theory and computer science for this. A spammer could at most try to disable the network, but with the currently planned infrastructure, i doubt they can do it.

    6. We haven't started to code. We're still discussing (and will continue to discuss) the possible consequences, abuses, attacks and how to prevent them or at least minimize them. We cannot afford to have ANY point of failure.

    7. If any wants to cooperate, the google group is open to ideas.

    8. And I repeat: we will *NOT* DDOS websites. It's a decision the commitee has taken, and it's a final decision. There have been people who have proposed to DDOS the spammers to death, and we're already shutting them up.

  9. IMPORTANT ANNOUNCEMENT FROM BLACK FROG by Spy+der+Mann · · Score: 4, Informative

    Due to TradeMark conflict, I have closed the Black Frog project. Actually the project was just a nameholder, since Okopipi was a separate project which I joined later.

    So the official name of the P2P antispam software is now "Okopipi". Please stop naming it "Black Frog" or we could get sued for Trademark Infringement.

    Thank you.

    (More info on my journal)