Blue Security's Bad Publicity Week Continues: Accused Of Knocking Out Six Apart

from the headaches-at-Blue-Security dept

Blue Security is not having a very good week, it seems. The company already had mixed reviews, as some felt its efforts to knock out spammers by filling their web forms with bogus info went a bit too far towards vigilante justice. On Tuesday, the news started spreading that the company's "Do Not Spam" list had been hijacked by spammers -- which wasn't entirely correct (but close enough for many). Instead, as has been predicted by anyone studying the idea of a Do Not Spam list, some spammers simply "washed" their list, and used the difference to figure out who many Blue Security users were. They then started bombarding those users with angry spam. At about the same time, Blue Security was hit with a massive distributed denial of service attack. Whether or not it was set up by the same spammer isn't clear -- but certainly seems likely. Shifting gears for a second, late Tuesday, a number of people noticed that the blogs they had hosted by Six Apart had been knocked offline. Six Apart has had some struggles over the last few months -- so many chalked it up to more growing pains. However, someone is now claiming the two stories are connected. Digg points us to a story claiming that after Blue Security's site went down, they pointed their hostname to a typepad blog, effectively moving the denial of service attack right into Six Apart's lap. The writeup makes it sound a lot more nefarious than it might really be. Blue Security probably figured that since their site was down just as the other problem was happening, they might as well direct people to their blog for more info... without realizing that the impact might take down all of Six Apart. Either way, it appears Six Apart has been careful not to place the blame on Blue Security... but as the story spreads (even if Blue Security had the best of intentions), it would seem that this just isn't Blue Security's week.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    BelchSpeak, 4 May 2006 @ 4:07am

    The Moving DDoS grabbed Attention

    When a DDoS happens in Israel, no one cares. When the DNS for the DDoS was moved to an American Blogging superpower that was subsequently crushed, it got attention, and the attack broke US law.

    Now- whatever you feel about BlueSecurity and their program- They became a victim of DDoS and a portion of US Critical Infrastructure was affected. This effectively draws US law enforcement into the fray.

    Sounds like a cool strategy.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2006 @ 4:29am

    This is indefensible

    Either (a) Blue Security did not understand what the impact of this change would be or (b) they did.

    If (a), then they're idiots. Anyone with even a TINY clue about network and system security should have been able to figure this out in 30 seconds. If (b), then they bear equal blame for the attack on Six Apart. Given that their entire business model is based on redirecting abuse, though, I doubt that they have the courage and/or integrity to admit this.

    Blue Security are scumbags, and anyplace that hasn't already permanently blacklisted them (and their idiot customers) should do so immediately.

    reply to this | link to this | view in chronology ]

    • identicon
      Pope Ratzo, 4 May 2006 @ 8:56am

      Re: This is indefensible

      Dear Mr. Coward,

      By describing Blue Security as scumbags and their customers as idiots, you make it clear that you probably have some connection to the spam "industry", and you are possibly a spammer yourself. It doesn't surprise me that you would hide behind an alias, as do spammers.

      I endorse any punishment short of physical violence for spammers. They not only do harm to us individually, but cause damage to our economy and our society.

      Just the fact that spammers have intentionally corrupted a tool as valuable as email is enough to convince me that they deserve anything they get. Spammers represent some of the worst of human nature: the willingness to hurt others just for the chance to make a few pennies. Spammers are the real scumbags, and Blue Security, however misguided their techniques may have been, are absolutely correct in wanting to put a stop to spam and the despicable people who create and distribute it.

      reply to this | link to this | view in chronology ]

    • identicon
      DREi, 4 May 2006 @ 9:09am

      Re: This is indefensible

      Why do the customers have to be idiots? I'm not a customer but folks are out trying to keep spam from there inboxes. Just because they used Blue Security doesn't mean you have to insult them.

      Stupid A$$!

      reply to this | link to this | view in chronology ]

  • identicon
    Tomasz Andrzej Nidecki, 4 May 2006 @ 5:38am

    I wonder how many such comments are from spammers.

    I really loved the comment above by "Anonymous Coward" (the nick here fits very accurately).

    Whilst I agree, that the DDoS should not have been redirected to another site, I believe that Blue Security was simply sure, that one of the world's hugest sites is well-prepared for such things as DDoS (it must have been slashdotted or lived through a digg-effect many times before, so it must have been prepared). Therefore I believe that Blue Security did not realize, that this could have such a large impact (because they did not realize, how massive the DDoS on their domain was).

    The tactic used by Blue Security and Blue Frog obviously has nothing to do with a DDoS attack, but most Anonymous Cowards and idiots who cannot read before commenting seem to be apt to go to such conclusions. Some of them, because it's in their interest (they are or they represent the spammers affected), some because they can't read (and don't have a slightest clue as to how Blue Frog works), and some of them simply because they heard something somewhere and repeat it like a well-trained parrot.

    Blue Frog does not DDoS. Every member submits ONE complain only to the sites this member has been spammed by (i.e. if a member forwards spam to Blue Security, which spamvertizes a certain site, that same member sends ONE complaint via the Blue Frog to that site). This is obviously too hard to understand for some.

    Regarding publicity, maybe it's not wonderful, but it sure has drawn much interest to the system and Blue Security, once it's up and running again, will most probably experience an influx of users, who noticed that spammers are intimidated, and conclude that the system works.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2006 @ 11:17am

      Re: I wonder how many such comments are from spamm

      I wonder how many such comments are from ignorant newbies.

      For starters, idiot, I'm one of the Internet's leading spam-fighters. And of the things that all that experience has taught me is that any attempt to fight abuse with abuse is likely to either (a) fail and or (b) hit the wrong target. Or both. It's stupid, it's wrong, and it's unethical.

      Another thing it's taught me is that providing information to the enemy -- especially via automated processes that can be gamed via judicious use of input data -- is truly stupid. That's why, for instance, SMTP callbacks are an idiotic idea and are used only by morons who don't know any better. And it's why Bluesecurity's methodology is fatally flawed. (Of course, it sounds good to ignorant newbies, since it makes them feel like they might be actually hurting the spammers. And those dumb suckers are stupid enough to fall for that little bit of emotional manipulation.)

      Second, do you really think that spammers, or their minions, are going to waste time posting comments here? Why should they bother? Please. You're not important enough for them to worry about.

      Third (and this partially repeats point 2), you clearly have no idea who you're dealing with. Professional spammers are not stupid. They're not newbies. They're well-funded, they have access to enormous network and computing resources, and they have some amazingly talented programmers working for them. Bluesecurity, at its best, could only hope to be a mere pinprick.

      Fourth, given that they're wholly ineffective, it really does beg the question of why a DoS attack and why now? Oh, I'm well aware that Bluesecurity's sucker customers and sockpuppets are claiming that it's because they were having an impact. That's utter nonsense of course, but it does make for great PR for Bluesecurity.

      Fifth, and finally, the ignorance displayed in the followup comments here is truly appalling. Apparently few of you have taken the time to learn the history of the spam/anti-spam struggle, and as a result you are intent on making mistakes that others already made years ago, discovered, analyzed, and wrote up -- so that you wouldn't repeat them. But you are. And as a direct result of that, you're making the problem worse. It'd be nice if you stopped.

      reply to this | link to this | view in chronology ]

      • identicon
        LittleW0lf, 4 May 2006 @ 1:28pm

        Re: Re: I wonder how many such comments are from s

        Hmmm....

        Most of the "Internet's Leading Spam-Fighters" have very recognizable names... "Anonymous Coward" isn't one of them. The folks I know who deal with spam, and with identity theft, joe jobs, phishers, scammers, and the like tend to take the attitude that while Bluesecurity is a bandage, and a misguided one at that, they aren't so quick to label it ineffective or to label the folks who use it suckers and sockpuppets. And most of those that I know who are the Internet's Leading Spam-Fighters are happy to have their name (or even their pseudonym) be associated with their statements (since most of the folks involved tend to have an ego, like the rest of us.) Not saying you aren't a leading spam-fighter, but without evidence of your authority, I'm having a hard time believing you since your statements don't meld with what I've previously heard, though there are many factions in that community and you may be speaking from one that I haven't heard from before.

        Bluesecurity may be misguided, and it may or may not be making a difference (that has yet to be seen.) However, dumping everyone who uses Bluesecurity (for which I must admit, I do not use, have never used, and will likely never use,) into the category of "suckers" without explaining to the rest of us why they are making the same mistakes others made years ago (I have not heard from anyone within the spam-fighting community until now that Bluesecurity made any mistakes previously made, just that there were some issues about whether innocents could be hurt by the effort, though Bluesecurity has promised that humans are involved with making sure that no innocent is hurt.)

        I am well aware of the history, and quite frankly, nothing you have said would make me believe in the machinations of an Anonymous Coward. If anything, it is obvious you either have an axe to grind with Bluesecurity, or you like trolling Techdirt...

        reply to this | link to this | view in chronology ]

      • identicon
        Rick, 4 May 2006 @ 3:44pm

        Re: Re: I wonder how many such comments are from s

        "For starters, idiot, I'm one of the Internet's leading spam-fighters."

        Oh, sure you are, Mr. Anonymous Coward.

        reply to this | link to this | view in chronology ]

      • identicon
        amusedbyanonymouscoward, 8 May 2006 @ 7:27am

        Re: Re: I wonder how many such comments are from s

        Anonymous coward has been spamming message boards since this whole blue security thing blew open. Sort of like a degerate pyromaniac watching a fire and getting sexually aroused. He claims to be a spam fighter? Well then tell us what organization you belong to or work for? If you do have a job (other than spamming message boards).

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous 2, 19 May 2006 @ 2:03am

        Re: Re: I wonder how many such comments are from s

        Hmm... let me analyse your comment.

        For starters, you claim to be a leading spam fighter, but don't give any credibility to that claim. For all that I know, you could be a spammer's sock puppet (or not - I'm currently 50:50 on that issue).

        Another thing, Blue Security tried to be polite towards the spammers, and they wanted to establish a business model ("pay for our services, and you'll be opted out from spam"). That part didn't work, but it's absolutely inessential for the rest of their approach to work. A volunteer project with no intent of being nice to spamvertized sites could simply lodge a complaint per spam received, and effectively destroy the business model of the spammers.

        (Skipping second and third points, which are indeed valid.)

        Fourth, you say that the DDoS against Blue Security is not an indication that they have something, but you fail to give a single reason.

        Fifth, the lack of arguments you're giving is truly appalling. Apparently you neither looked at the other details of Blue Security's approach, nor do you give us unwashed masses a link to the pages where the mistakes that others made years ago are described and analyzed. It would be nice if you were a little more constructive.

        Until then, the only effect of your comments is that of (trying to) dishearten anti-spam approaches.
        Actually that makes your a candidate for the "spammer's sock puppet" tag. I'd be happy to be proven otherwise, of course - give some real arguments and some details, educate instead of shouting down, and you'll be given more credit.

        Thanks for listening.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2006 @ 5:50am

    System works?

    hmmm, ok

    Not sure, but I know my delete button works well - it seems to deal with spam just fine. And it's free with the purchase of any standard keyboard :)

    You'd think a security company would be ready for various internet based attacks, but perhaps I'm wrong...

    All that being said, no this anonymous poster doesn't know - past what I read here and a quick google search - what either of these two are.

    Oh, Blue Security's web site's down - kinda hard to see what it's all about...

    reply to this | link to this | view in chronology ]

    • identicon
      Pope Ratzo, 4 May 2006 @ 9:02am

      Re:

      The assertion that the "delete button" is all that's necessary to fight spam is about as dopey as they come.

      It's like telling a woman "if you don't like getting raped, you should wear a chastity belt. It's the only tool you need to fight rape".

      Tell you what, if you don't mind having to delete hundreds of spam every day, and if you don't care about the lost productivity, damage to the economy, the extent of human frustration spam causes, and the despicable people who would try to force something down another person's throat, then you just go ahead and keep hitting that delete button.

      But stay out of the way of those of us who believe we have the right to protect ourselves from spam and the damage it does.

      reply to this | link to this | view in chronology ]

    • identicon
      Estong Tutong, 6 May 2006 @ 12:59am

      Re: Delete does not work

      Simply deleting every spam mail you receive does not solve the problem of receiving spam. You still have to contend with spam - something that costs you time, energy and money (bandwidth-wise). The solution to the problem of receiving spam is to stop the spammer from sending spam.

      Blue Security does this just right with Blue Frog. Unfortunately, a war broke out. And with it, the spammer bribed a major internet backbone staff to remove DNS pointers to official Blue Security web servers. This means that SYN flooding/distributed DOS attacks against the official Blue Security webservers did not actually cripple Blue Security's webservers. Blue Security's website was still available only to Israel at that time. In order to communicate with its global users, Blue Security had to temporarily set up camp somewhere - and maybe they figured that one of the fastest ways to do this was with Six Apart's blogging services. It is unfortunate that the irate spammer mindlessly attacked Six Apart's webservers because of this.

      Blue Security may have been at fault for not properly informing Six Apart of their temporary camp set up. But we cannot just irresponsibly claim that Blue Security was the cause of the attack - it was the spammer.

      reply to this | link to this | view in chronology ]

  • identicon
    robin.myopenid.com, 4 May 2006 @ 5:59am

    The spammers are mad, so it IS working

    I would be worried if the spammers weren't fighting back.

    Robin

    reply to this | link to this | view in chronology ]

  • identicon
    Henry, 4 May 2006 @ 7:08am

    Whose internet is it anyway?

    Of course the Blue Security web site is down - it's being DDOS'ed by a bunch of cyber thugs.

    These thugs are also posting inaccurate and misleading information about Blue Security.

    These are criminals who send millions of SPAM e-mails containing obnoxious material on a daily basis and do not care two hoots about anyones rights, legal or otherwise.

    Blue security is a legitimate and legal response which enpowers me and the other 500,000+ members to exercise my right to ask the spammers to stop sending me this junk.

    All the spammers have to do is to stop bothering the community by using the tools provided for that purpose by Blue Security.

    Alternatively they can become legitimate, provide real websites, genuine opt-outs, pay taxes and obey the law.

    That is the point is it not?

    The spammers are criminals engaged in a criminal activity.

    reply to this | link to this | view in chronology ]

  • icon
    John (profile), 4 May 2006 @ 7:31am

    I'm a Blue Frog user

    I've been using Blue Security's Blue Frog software for a few months now. On Sunday, I was hit with the spam telling me that the Blue Frog database had been hacked. (It hadn't really, but it was the spammer's way of telling me that they had washed their list.)
    Since then, I have seen my amount of spam go through the roof: from 5 or 6 spam e-mails a day to 35 to 40.

    How does this increase in spam help the spammers? Sure, they may be angry that people are trying to fight back, but if they didn't spam people in the first place, we wouldn't need to report their spam.

    By sending "angry spam", this simply escalates the battle: spammers send more spam, which will then get reported to Blue Frog, SpamCop, the FTC, ISP's, and others, which will place them on black lists even faster than before.

    The best way to fight spam is to teach people not to buy products listed in spam e-mails. If we can get people to stop clicking the links, then the revenue to these spamvertised sites would stop. If the sites have no income, they won't pay the spammers to send spam.
    And you know what? This tactic is perfectly legal. :)

    And to all the people who say "just hit the delete key": have you ever thought about the economics involved? If it takes one person one second to delete the e-mail, how long does it take everyone to delete millions of spam e-mails? Now multiply that by an average person's wages and you start to see the cost of lost productivity.

    Plus, what about the costs on the networks that transmit these spam e-mails? The spammer pays nothing to send out millions of e-mails, yet the relays, switches, servers, and receiving people have to bear the cost.

    reply to this | link to this | view in chronology ]

  • identicon
    Spam Angered Citizen, 4 May 2006 @ 7:47am

    You Are Served!

    Thank you Henry for that simple yet direct explaination of the 'why' we use the Blue Frog.

    When I get a phone call from a person I do not know, I first ask who they are and who they work for. Then I ask if this is a marketing call. I then inform them that I do not take marketing/sales calls and promptly hang up.

    This is what Blue Security does for me and my emails. I don't request that Spammers send me this additional work-load each day. So this is my way of dealing with it.

    Of course the Delete Key works...BUT...
    I have found that most of the removal links don't get me off their spam campaigns. Rather it appears that efforts are doubled or tripled against me for politely asking for my email address to be removed.

    Someone has to fend for the less technophile of us out there and Blue Security is one shining knight in a small group of them.

    God bless the people behind Blue Security who want to stand up against the hoards of unwanted spammers and their vile garbage dumping.

    You Spammers make life on the computer less fun, far less productive and an outright pain to use.

    I will fight back as you leave me no option. So take your licks damn it!


    - or kindly stop your assaults on my daily life!

    reply to this | link to this | view in chronology ]

  • identicon
    RossyMole, 4 May 2006 @ 8:22am

    Spam vs Junk Mail...

    I am always amazed to see such righteous folks speak about people who send unsolicited email as criminals while the USPS puts 20+ pages of paper in my box every day and I can not opt-out. Perhaps some of us spend too much time sitting down, inside looking for an "EASY FIGHT". I find this a symptom of a much greater problem; America grows more fat and lazy every day... For most the Internet is the new TV.

    reply to this | link to this | view in chronology ]

    • identicon
      DREi, 4 May 2006 @ 9:35am

      Re: Spam vs Junk Mail...

      Ummm...You can opt out of Junk Mailings and it all has to do with the credit reporting agencies. Google it up I'm sure you will find info on the topic.

      reply to this | link to this | view in chronology ]

    • identicon
      Tin Ear, 4 May 2006 @ 10:54am

      Re: Spam vs Junk Mail...

      You may also want to remember that the Junk Mail that arrives in your MAILBOX greatly differs from the Spam you get in your INBOX, outside of the method of delivery. Junk mail has been PAID FOR. Spam is not. The people who send you offers through the USPS have put some serious money towards postage and printing. Even at bulk rates, it comes to a pretty penny. Spammers are trying to get you to buy their products with a very minimal outlay.

      I'll actually leaf through my 'Junk Mail'. My Spam usually goes right into the trash without a first glance.

      reply to this | link to this | view in chronology ]

    • identicon
      colt.45, 4 May 2006 @ 11:06am

      Re: Spam vs Junk Mail...

      i aint very self rightous at all and i think they are ass holes.. maybe not criminals unless they screw up my pc ... but as for usps bring me physical spam, at the least that spam is paid for and it subsidizes the real mail that i do want. if not for the junk mail a first class stamp would cost five bucks...what does the spam do for us?
      and as for americans being fat or lazy, or what ever it was u said, all i can say to that is what booger redwine from muleshoe, texas would say, "FUCK YOU, TOWEL-HEAD." ah..thanks for listening. i feel so much better now.

      reply to this | link to this | view in chronology ]

    • identicon
      A Canuck!, 4 May 2006 @ 2:55pm

      Re: Spam vs Junk Mail...

      Here in Canada, "No Flyers Please" on your mailbox saves you the trouble. Atleast on the East coast. On the other hand, some are delivered by kids. I let them have the .10c or .25c or so, deliver away, and chuck the flyers in a pile until it's garbage day.
      My sister did so for a year to pay her way to Paris, so I like to think there are others so resourceful.

      reply to this | link to this | view in chronology ]

  • identicon
    Backspace, 4 May 2006 @ 9:12am

    So do we all have to change our email addresses?
    I've got at least 50 spamails.

    reply to this | link to this | view in chronology ]

  • identicon
    L337 Man!, 4 May 2006 @ 9:19am

    I hate spam.

    //3LL, 1 7|-|1|||

    reply to this | link to this | view in chronology ]

  • identicon
    MuchoMaas, 4 May 2006 @ 9:23am

    I find it shocking that a site as huge as typepad.com can suffer that much downtime from a DDoS. I realize how nasty DDoS can be, but DDoS happens all the time. The Kentucky Derby is happening this weekend. Guess how many gambling sites will effectively manage DDoS this weekend?

    Part of the reality of becoming a hosting company is dealing with the ugliness of site hosting. DDoS is a tremendous challenge but one that a lot of Rackspace techs and gambling site techs could tell you about.

    reply to this | link to this | view in chronology ]

  • identicon
    SpamMagnet, 4 May 2006 @ 9:39am

    Spam filtering by Pobox.com

    Consider subscribing to an excellent spam filtering/mail forwarding service, http://pobox.com, in addition to Blue Frogging any spam received--which will then be very little and with less than 0.5% false positives.

    I am in no way affiliated with Pobox.com, but am only a *very* satisfied customer. For only $20/year Pobox.com's service is invaluable. It has kept my mailbox virtually spam-free for a few years now.

    reply to this | link to this | view in chronology ]

  • identicon
    Henry, 4 May 2006 @ 10:34am

    Re Spam and Junk Mail

    I am sorry if the usage of the word "criminal" upsets folk.

    I do not know of any other word to use to accurately describe the activities of the spammers who threatened me and fellow my community members repeatedly over the last few days, or push invitations to buy illegal copies of software, umprescribed drugs, bogus stock options or pornography into my in-box.

    If these spam e-mails were physical "junk mail", sent out by the million, then the perpetrators would quickly be stopped.

    The whole structure of the internet would need to be changed in order to stop spam at a technical level.

    reply to this | link to this | view in chronology ]

  • identicon
    Henry, 4 May 2006 @ 12:37pm

    Re: I wonder how many such comments are from spamm

    It's interesting that one of the " Internet's leading spam-fighters" has time to tell us to lay off and lie down, while the spammers are busy at work spamming and cannot be bothered to seed this forum in the same way that they have seeded other forums.

    See:

    http://www.realtechnews.com/posts/3011

    which contains posts from spammers.

    Have a good look at the threats and spoofed comments.

    Blue Security uses a number of methods for spam reporting, not just SMTP.


    I have only been in the IT industry for 35 years, so I guess you could call me a "Newbie". So please explain:

    1) How can a situation already out of control get any worse?

    2) Why should we stop?

    3) You are the expert - What alternatives do you offer apart from calling us idiots?

    4) Why haven't the "experts" managed to solve this issue so far?


    It would be very nice for the spammers if we did stop - wouldn't it?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2006 @ 1:23pm

    Brief answers to your questions.

    1. The situation gets worse when people insist on deploying ideas that are (variously) broken, stupid or abusive. The last several years have seen a steady parade of those -- of which Bluesecurity is only one. Many of these come from people eager to cash in on the problem. One good way to spot such profiteers is to ask yourself "Is it in the financial interest of this company to actually try to solve the problem...or is it in their interest to make sure it sticks around?"

    2. You should stop because you are making the problem worse. (I would think that would be obvious, but maybe not.) Handing over valuable intelligence to the enemy is a very stupid move no matter how it gets done. Doing it abusively is much worse. (Free clue for those who haven't been paying attention for the last several years: spammer web sites are frequently not what, or where, they appear to be.)

    3. Well-known, well-understood, massively documented anti-spam technqiues make it a trivial exercise to deal with 95% of incoming spam. Dealing with what remains gets progressively trickier (and thus harder) as you go, of course, but then it becomes a question of whether you're trying to return your incoming mail to a usable state or whether you're trying to nail every last one. A fairly clueful setup using a solid MTA (sendmail or postfix or courier or exim), DNSBLs, RHSBLs, perphaps SpamAssassin, perhaps MIMEdefang, perhaps ClamAV or another AV tool, will easily deal with in excess of 99% of incoming spam correctly -- that is, by rejecting it during the SMTP conversation so that it doesn't cause backscatter. (And I'd be remiss if I didn't mention the Spamhaus DROP list. Put it in your firewalls. It stops a lot more than just spam.)

    None of this is particularly new. It's all been written up over and over and over again. Yet we see people wasting time with overpriced junk (e.g. Barracuda), "anti-spam" software sold by spammers (e.g. IHateSpam from Stu "spambag" Soujerwman), abusive practices (e.g. callbacks), spamming anti-spam software (e.g. C/R), bonehead ideas (e.g. SPF/DomainKeys/etc.) and other nonsense.

    4. We have. On our mail systems. All you have to do is do the same thing on yours and you'll be roughly as successful. ("roughly" because everyone's incoming spam is different. You might do a bit better, you might do a little worse.)

    5. (in answer to your last question). No. They spammesr don't care. They don't care because it doesn't affect them. It doesn't affect them because they now have access to/control of the largest distributed, scalable, fault-tolerant computing cluster ever built. They have resources that make server farms like Google's look insignificant. So the chances of anyone mounting any kind of successful attack against that are absolutely zero. It'd be like trying to drown someone who owns the ocean. It's very, very stupid to even try.

    Oh, it appeals to the emotions, to "strike a blow against the spammers" and all that. But it's ridiculous, childish nonsense -- which is why only ignorant newbies buy into it. And...as we've seen repeatedly...the most likely outcome of any attempt to "attack the spammers" will be abuse (re)directed at innocent third parties.

    reply to this | link to this | view in chronology ]

    • identicon
      Blue Herpetologist, 6 May 2006 @ 9:43am

      Re: Brief answers to your questions.

      You are plainly a narcissistic, arrogant bastard. No one knows as much as you do (when you really don't know anything) and they are stupid because of it. Do you have any friends? Has your family kicked your sorry ass onto the street? You deserve it.

      When you talk to people this way, you only serve to alienate them and push them right toward Blue Frog just to show you what an idiot YOU are. People like you get your kicks by flaming others no matter what the truth is.

      Unless you can say something helpful, go find yourself a hole to crawl into and let us discuss this without your angry garble.

      Isn't there a way to ban people like this from this forum?

      reply to this | link to this | view in chronology ]

  • identicon
    MARK, 4 May 2006 @ 1:33pm

    It seems obvious to me that the Blue Security MUST be having a MASSIVE impact if it has driven a big spammer to such lengths with a DDoS.

    I'm a Blue Security member, and I fully support what Blue Security is trying to do. This DDoS simply inspires me to continue to fight. I even telephoned Blue Security in Israel today, giving them my support.

    Mark

    reply to this | link to this | view in chronology ]

  • identicon
    henry, 4 May 2006 @ 2:22pm

    Re: Brief answers to your questions

    OK:

    1) There is no charge to personal users from Blue Security . If they are indeed some kind of profiteers, I just delete the application and delete the spam automatically as before instead of forwarding it to them. So where is the "profiteering" in that?

    2) It can't get worse. What intelligence to the enemy? They already have my e-mail address in their lists. My IP address - sure, you can have it, it's dynamically assigned.

    3) Most people don't have the resources you describe individually. But they do, in total, represent much more in terms of networking capability than any spam merchants. The method is also voluntary, democratic and seems to be working.

    4) Most organisations for whom I have consulted in the past have also solved their spam problem (at a huge cost) - but how about joe public??

    5) The spammers do care! They are also in businesss, and this is all bad for their business.

    Blue Security has evoked a response precisely because the spammers know that they cannot win when the numbers game gets past a certain level. 500,000, 1 million, 10 million - Blue securities membership went from 33,000 to 500,000 in a few months. What will the spammers do when the community size gets into the millions? Order more bot nets? Destroy the internet? I don't think so. They will just get on with their rediuced and more profitable "customer list".

    reply to this | link to this | view in chronology ]

  • identicon
    Josh, 4 May 2006 @ 3:30pm

    Still some incorrect info out there...

    There's still some misinformation being circulated. Alot of Blue Frog users did not get the email threats. I didn't. I don't use a spam filter - so that wouldn't account for it. Also, plenty of people who had never used Blue Frog or heard of Blue Security got the threatening emails.

    reply to this | link to this | view in chronology ]

  • identicon
    Bad Frogger, 4 May 2006 @ 6:07pm

    Re: Anonymous Coward and his kind.

    What an idiot you are!

    A million "pin pricks" and you bleed to death. Dumbass.

    When the SpamKing, PharmaKing, Killa and the rest of those puss suckin, wanna be tough guy, beyatches.
    Have no paying customers. All of their amazing "cluster" will be worth what?. Their shit will be in pawn shops, as
    they try to pay back their Mafia, Gangsta Girlfriends.
    There should be bullets to the head and cement boots for all, as their criminal empires collapse.
    Their Pain is a beautiful thing.
    Your jealousy of the Blue Community is just sad.
    We have done more to hurt the spammers in less than
    a year than all the other methods combined, have in the
    last ten.
    By "Spam Fighter" it is obvious that you meant "Spam
    Ignorer". I'll clean up my yard and screw everyone else.

    Note to "Spam King" from the BLUE FROGS, SUCK IT!!!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 May 2006 @ 6:33am

    Some answers, round 2

    1. Surely you don't think they're doing this out of the goodness of their hearts, do you? (Not that some people aren't doing it out of the goodness of their hearts: they are. But those people aren't incorporated, burning venture capital, etc. They're the volunteers who have done the vast majority of the Internet's anti-spam work for many years. It's just that Bluesecurity isn't among them.) I think you should ask yourself this question: "How, exactly, is Bluesecurity going to make any money off this?" Their VC backers no doubt have an answer to that question.

    2. The information you're providing to spammers is that they managed to reach you. That is: a spam message sent from such-and-such an IP address, with such-and-such a technique, with such-and-such content, headers, formatting, etc., made it through your defenses and got to you. They don't actually know that UNTIL YOU TELL THEM. Which you're doing. Which means that you're helping them better understand what methods/messages enhance deliverability, and which don't.

    Not only does this information have value to them, it has value on the open market. Spammers have built, and maintain, and sell/trade/rent, databases which contain a lot of this information. And they're becoming increasingly sophisticated about tracking it -- in part because so many people have failed to learn a basic lesson: "tell the spammers nothing". So every time you use Bluefrog (or any other tool like it) you are actively helping the spammers enhance and refine their methods.

    Congratulations.

    3. I understand that most people don't have those resources. Fair enough. But lots of other people do, and they've made those resources available (sometimes for free, sometimes for a charge). You and I and everyone else have choice in how we receive our mail: if we choose poorly, and thus receive a lot of spam as a result, that's our fault. If we choose wisely, then we may have to pay for it (or pay a bit more for it), but one benefit of that ought to be reasonably effective anti-spam measures.

    Another way of saying it: I don't expect everyone to know how to set up Postfix+SA+ClamAV+DNSBLs+greylisting. I do expect everyone to be able to find someone who knows how to do that.

    4. I'm well aware that many organizations have solved their problem at huge cost. They're stupid. It's not necessary to spend a lot of money to "solve" this problem, unless "solve" includes the specification "100%" -- and then I would argue that this is a wholly unrealistic specification.

    For example, merely using a reasonable set of DNSBLs (e.g., Spamhaus XBL, SORBS, NJABL, DSBL, let's say) nails the overwhelming majority of spam. It's free. It can be set up in minutes. It works with nearly every sane MTA and even some insane MTAs. Yet we find people spending thousands of dollars on products/services which do nearly the same thing. That's just stupid.

    5. I don't think so . Chatter in the spammer world (on their web sites, IRC, etc.) has nearly completely ignored Bluesecurity. They're not regarded as a threat -- and with good reason, because, as I pointed out above, they provide a useful, free service to spammers. So I don't accept at face value the story that "this is a DoS attack launched by a spammer". Really? What proof has been produced to back that up?

    And given Bluesecurity's response -- including deliberately revectoring the attack onto an innocent third party -- I think there's much more here than meets the eye. See for example this analysis, which I largely agree with.

    There are a number of other curious things in play here as well, but this is long enough, so let me suggest that anyone interested in adequately educating themself to the point where they can discuss this in a clueful way should be reading these mailing lists: spam-l, nanog, spamtools, spam-research, ietf-asrg and the newsgroup news.admin.net-abuse.email.

    reply to this | link to this | view in chronology ]

    • identicon
      Henry, 5 May 2006 @ 2:34pm

      Re: Some answers, round 2

      I see that you are a regular to this blog - I do not intend to prolong this discussion beyond this reply.

      So in brief,

      1) Let Blue Security speak for themselves, assuming they are allowed to. At least I know who they are and where they are. I detect a large dose of "sour grapes" in your response.

      2) Equally, each SPAM message contains information which can be used, assuming someone cares enough to do so. I am glad that you are not responsible for the analysis (I usually re-position people like you into areas where their egos cannot do any damage).

      3) I agree that "You and I and everyone else have choice in how we receive our mail:". I choose not to receive mail from a given source. I do not expect to be harassed by the sender as a result of that decision. The techie bit is irrelevant. Some of us do understand the acronyms, but they are there mainly to inflate your ego.

      4) Why is everyone "stupid" just because they do not do what you think is best? I would suggest a crash course in communications management of the human variety. Assuming you are the same "anonymous coward" who makes other posts to this forum you are a one man consultantcy looking after" 500 seats". That hardly qualifies you to pontificate about corporate strategy. It is likely that the professionals involved, like me, have a wider point of view, are better qualiified and more experienced than you, Mr. Coward.

      5) If you are the expert you claim to be, then you should be able to come up with some evidence one way or the other. I leave it in your hands.

      The analysis you point to is not the only one I have seen.

      You fail to mention that the hosting service concerned did not blame anyone for the incident.

      The hosting service was supposed to be able to handle a DDOS regardless of the intended victim. DDOS attacks happen thousands of time a day throughout the internet.

      Once again, why not Blue Security speak for themselves, assuming they are allowed to.

      The only education I would suggest for you, with the greatest sincerity, is a course in human relations. Why not get a perspective outside the rather limited box you apparently inhabit. A little humility goes a long way. I am sure that someone out there knows you and reads these posts. They are probably as unimpressed as I am.

      reply to this | link to this | view in chronology ]

  • identicon
    Martin Hannigan, 5 May 2006 @ 7:38pm

    Blue Security

    Just wanted to add some facts and I challenge anyone at Blue Security corporate to debate this with me publicly:

    1. They sought the anti spam and security communities blessing to engage in this reverse DDoS business and they failed. Even the leaer of the Anti Spam Research Group "ASRG" spoke out against them.

    2. No engineer was bribed as the data available proves no routes where changed. Blue Security hasnt offered a shred of evidence to counter this fact.

    3. Noone can find evidence of a routing blackhole and I invite Blue Security to produce some.

    4. Blue Security knew they were under attack when they redirected their web pages through a DNS change to Typepad. Subsequently, the spammers targeted their name servers instead which then caused major domain outages at Tucows resulting in the impact to 104K domains.

    5. Blue Security may have pointed their nameservers at UltraDNS without asknig because at one point yesterday, they were pointed at udns2 and udns3.ultradns.com

    Again, the CEO of Blue Security hasn't provided a shred of evidence to ANY malfeasance of anyone on the Internet or any backbone provider and It's becoming harder to tell who the miscreant is as this saga continues.

    reply to this | link to this | view in chronology ]

  • identicon
    Bob White, 6 May 2006 @ 7:01am

    I stand with BlueFrog

    The idea that Blue Security is to blame for the actions of the Spammer doesn't make sense to me. If a crazy man attacked me in my house and I fled to my neighbor's house and he started attacking my neighbor, the fault still lies with the attacker -- it's just that the attacker has further proven his cravenness.

    The idea that the Blue Frog approach equates to vigilantism is bizarre. There are no cyber-cops. Vigiliantes are wrong only when they supplant justice -- but as of yet, there is no justice for spammers -- only profit.

    The only problem I have with Blue Frog is that it has not been effective. But just the thought that I am participating in a plausible attempt to make spamming unprofitable comforts me.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 May 2006 @ 6:30am

    Bluesecurity: lots of hype, but no proof

    Bluesecurity has made quite a few claims in the past week,
    but has failed to produce compelling evidence supporting them.

    They've claimed that spammers are angry with them. Yet
    they've produced no proof of this, and publicly-available
    evidence (that is, chatter on spammer forums) indicates that
    spammers are laughing at them.

    They've claimed that their "anti-spam" technique is effective,
    yet they've not shown that it is so.

    They've claimed that they've been subjected to an attack by a
    spammer, but haven't proven that it is so.

    They've claimed that their "anti-spam" technique only targets
    spammers, but haven't proven that. (And others have produced
    evidence demonstrating that it's wrong.)

    They've claimed considerable expertise in this area, yet they
    have failed to demonstrate the ability to cope with a DoS attack
    in a professional, responsible, ethical manner -- including awareness
    that all anti-spam (anti-spyware, anti-whatever) sites will eventually
    be subjected to these and thus must prepare for them from day one.

    They've claimed experience, yet nobody from Bluesecurity can be
    found on any of the working groups, mailing lists, newsgroups, web
    forums, or other places where the most experienced, knowledgeable
    people fighting spam communicate.

    I simply don't find them credible.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.