What is Digg?63 Comments
- LeftistPersona, on 10/12/2007, -0/+60We're working on a distributed (p2p) replacement for Blue Frog that can't be DDOS'ed. We need programmer volunteers. Drop me a message.
http://slashdot.org/~Spy+der+Mann/journal/135727
spydermann left that in the other BlueSecurity/Frog digg - inactive, on 10/12/2007, -0/+19Bairy, BlueSec had the same hopes as you suggested. That spammers would cease sending their crap to people who DEFINATLEY didn't want it and were NEVER going to click on any links it contained.
However, certain *****, I mean spammers (pharmaster) are totaly without any idea of logic or common sense and continued to spam hundreds of thousands of people regardless of whether they were on the 'don't send me this crap' list or not.
Interestingly, 6 of the top 10 spammers actually did stop sending spam to blue frog users. They saw BF as a good way to aim their resources at the stupid fools who hadn't made it clear that they didn't want to be swamped with dick enlargement pills and shady 419 scams!
Thats the sad part. Because one dog-turd-on-the-bottom-of-my-shoe spammer totaly misunderstood that BS would help him in his spamming efforts, this prick and his stupid loser friends (if a spammer can actually have any friends) screwed BS totally.
But, from this kind of insane over reaction, we know exactly what kind of approach can get to spammers and cause them a lot of bother. You can bet your bottom dollar that we'll soon be seeing a whole host of open source Blue Frog alternatives that won't just be sending opt out messages at a 1:1 ratio. They won't just be sending them to the sponsor's site either. And they're gonna be installed on hundreds of thousands of PCs once it becomes clear that they are working, and costing these spammers their business.
Its sad though, that all of this would be unneccessary if a tiny percent of internet users had brain larger than a grain of wheat and didn't buy anything from spam-advertised sites! As soon as the stupid idiots stop buying fake viagra, the sooner spam will stop!
/rant - shafiq, on 10/12/2007, -11/+30i thought this was about Azureus.
- EGOvoruhk, on 10/12/2007, -0/+14I had no idea what this was about, so I ran a wiki search
http://en.wikipedia.org/wiki/Blue_Frog
It's a short read, but it's very interesting - tedfa, on 10/12/2007, -1/+8maybe, but most spam actually comes from within the U.S.
- nferrier, on 10/12/2007, -4/+11FTFA:
"THE ATTACKER SAYS
If I took over that IP address (a DNS change) I can send back that positive response to the blue frog authentication, and then send scripts to the frog to do anything I like."
serves Blue Frog right for using half measures. If it had used TLS (preferably TLS + client certs) then it would not have been so easily spoofable.
When oh when will programmers learn? - sjetha, on 10/12/2007, -0/+6I did the very same thing, EGOvoruhk.
I thought this was something to do with that annoying Crazy Frog when I read the title!
I vaguely remember hearing about this on one of my podcasts, and it seemed like a really good idea.
It's a shame that it's backfired so dramatically, because it would have been the beginning of the end of the spammers (if that's even possible).
From the wiki article: 'PharmaMaster [was] quoted [...] writing: "Blue [Security] found the right solution to stop spam, and I can't let this continue"'
Priceless.. - dark1999, on 10/12/2007, -1/+6They actually do use SSL for the connection with the central server.
I think this is actually FUD by the spammers trying to finish the job... - heffer2k02, on 10/12/2007, -0/+4I know this is an insane suggestion, but a thought that gave me a warm feeling inside all the same.
How nice would it be to amass an army of people, who would be willing to dedicate their life to the extermination of spammers worldwide. We would use cutting edge tracking methods to locate where individuals involved in illegal spam lived, send them e-mails asking them to stop on pain of death, and then travel the world shooting them in cold blood if they continued. It would be international news, spammers would be afraid to continue - spamming ends. And we get to travel the world and get some blood payback too. Oh, and before we kill them we can take their hefty earnings and split them amongst the army as a salary. Wow - a buisiness model and everything, whos with me? - tranix, on 10/12/2007, -0/+4The spammers were obtaining most of Blue's customer emails anyway by simply comparing their email database before and then after running Blue's scrub. However, Blue's customers didn't mind; they knew they were hitting the spammers where it hurt, and it was worth it. After I signed up, the spammers started using my email as a reply address on their spams, so I just added rules to delete all bounce messages, no problems for me
- f00xx0riz3r, on 10/12/2007, -1/+5Their servers where overloaded with traffic. Ofcourse they wasnt happy.
What I dont get is why the mindless drones diggs this article. I think it's very farfetched that someone would "take over" the blue frog client unless admins at blue security were as clueless as to let domains etc expire in the near future.
The link goes to a badly ad-riden forum. I cant believe people post there volunterly. - roguescout, on 10/12/2007, -0/+4Yeah, but I think the goverment of whatever Durkastan country they are operating from doesn't really give a ***** about spammers.
If they are originating from Mother Russia or China, some government agency is making bank just by looking the other way.
Hopefully, the Okopipi and/or Black Frog projects will snowball into the greatest cyberspace innovation ever. Good luck guys!
If I could program something other than an Apple IIe or C64, I would join the fight. - bairy, on 10/12/2007, -0/+4Your last 2 paragraphs are 100% spot on. Digg++
- bairy, on 10/12/2007, -0/+3There's something I don't get.
The spammers may well think they're really smart and clever by taking out Blue Security, but since the only people who used BS were people who didn't want spam, isn't it reasonable to assume that those people aren't going to follow links in spam?
I mean maybe it's just me but shouldn't the spammers be thanking BS for helping weed out those who don't want the emails, and thus aren't interested in the crap being sold? - inactive, on 10/12/2007, -0/+3If you have no idea about bluefrog then check
http://www.pallab.net/2006/05/05/the-war-over-spam/ - ronaldpoi, on 10/12/2007, -1/+4Yes, i thought this was about Azureus... i found myself saying: "oh no... my azureus nooo..."
- sjetha, on 10/12/2007, -0/+3But isn't spamming illegal anyway?
I don't think that the treat of unathorised entry is going to phase someone that's already involved in criminal activity. - inactive, on 10/12/2007, -2/+5... Why would spammers who DDoS and are already breaking the law.. Why would they care who you say wants to opt out? Hell, if I was a spammer, I'd spam the people from the opt-out list twice as hard.
- PacoBell, on 10/12/2007, -2/+4"The link goes to a badly ad-riden forum. I cant believe people post there volunterly."
"Ads? What ads?" said the Adblock + NoScript + Stylish user ;) - Odweaver, on 10/12/2007, -0/+2as long as they stop sending me V1AGR4 and PR0Z4C emails, i'm all for it.
- LegendOfLink, on 10/12/2007, -0/+2Could we stone them?
- inactive, on 10/12/2007, -0/+2I think this will give you an idea
http://www.pallab.net/2006/05/05/the-war-over-spam/ - DirtyWorker, on 10/12/2007, -1/+3The guy who started the attack is from Russia, most likely doing it because he is in cahoots (love that word btw) with the Russian mob. :P
- greggish, on 10/12/2007, -0/+1Also from the WashingtonPost.com article...
"The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.
Today, Reshef will wave a virtual white flag and surrender. The company will shut down this morning and its Web site will display a message informing its customers about the closure."
http://www.washingtonpost.com/wp-dyn/content/article/2006/05/16/AR2006051601873.html - dexOtaku, on 10/12/2007, -0/+1While it's accurate to say that Bluefrog gave up - or gave in, I think that in the long run this will end up being a good thing.
I must confess after reading the media coverage and their press releases, I have a fair deal of respect for Bluefrog. Especially since they threw in the towel when they realised that their original business model actually amounted to volunteering their corporate entity as a tool of [information] warfare, without the actual backing of any legislated body anywhere.
The demise of Bluefrog sets the stage for something far greater: the moment when governments around the world realise that, given how much both academia and economies rely on the internet to function [read: near- if not outright critical infrastructure], some real agreement with real teeth will have to be come to at some point over spam's 100% waste of bandwidth, and the threat that spammers [who almost universally have no business ethics whatsoever] pose to the information infrastructure so many depend on.
DDOS's on the scale enacted by PharmaMaster is something that no business or government can afford to tolerate. If they can do it to blogging sites and corporations, they can do it to just about anyone they want.
While questions about enforceability still stand, I think it's pretty much a given that at this point, governments and lawmakers worldwide will have no choice but to start taking the threat imposed by [some, if not all] spammers more seriously. Someone, somewhere will bring forth legislation that might even be effective.
This is just the start of the war. - inactive, on 10/12/2007, -0/+1pacogozalez
the moment you have a web site to go pick up php scripts, you have a target to DDOS. They need to be something like an HTML file with Javascript that is loaded onto your local system and viewed in the local browser. Updates can be torrented around and digitally signed by the author to make sure they are authentic. - pacogozalez, on 10/12/2007, -2/+3The thing in bluefrog is to identify the URL of the spammers "sponsor" and to generate a script to automatically opt-out (fill the orders) of this site. This will always need some human interaction, since the "sponsors" will change their sites frequently.
The main intrest should be to make those scripts public.
Immagine a website full of such scripts (php anyone?) divided in viagra / penis enlargement, etc sections. Now if the spam makes you angry you go to this site and fire some opt-outs in your preferred cathegory... Through your web-browser !
Tech:
the php script will generate the html-code to opt-out automatically, and the submit button will redirect the opt-out to the appropriate sponsor-site.
- DirtyWorker, on 10/12/2007, -2/+3We are talking about the russian mafia here. So, good luck prosecuting and even finding them all.
- rderveloy, on 10/12/2007, -0/+1Kind of like the movie Swordfish, except against spammers.
I like it! - johnboyholmes, on 10/12/2007, -14/+15Hello, earth to windows user, there is life beyond micro$oft.
Azureus owns cross platform compatibility :-) - theDevilsDue, on 10/12/2007, -1/+2http://www.thecarpcstore.com/phpbb2/viewforum.php?f=1
for anyone who hasn't already been there. - astrotrain, on 10/12/2007, -1/+2If theses Spammers get caught this means jailtime for most of them. They are invading peoples PC without proper means and against the wishes of the system owner. Better known as "unathorized entry" which is a federal crime in most parts of the world.
- inactive, on 10/12/2007, -0/+1f00xx0riz3r Castlecops is a very wll known and old forum. Dont comment without knowing things first. I agree that, that forum as well as the site is ugly. But that has got nothing to fo with reputaion,credibility and quality.
- NJank, on 10/12/2007, -1/+2"Why would they care who you say wants to opt out?"
they don't. but they do care about their servers and bandwidth costs. It is perfectly legitimate for a person to send an opt-out request. If doing so became almost as easy as clicking the "report spam" button in Gmail, lots of people would do it. If lots of people do it (a significant percentage of spam sent) it swamps their servers. That hurts them. It becomes a legal DDOS back at them. Not at the "email senders" (aka untouchable botnets), but the "order receivers" (aka web hosts).
It obviously bothered them, because they fought back. unfortunately, bluesecurity didn't have the infrastructure to survive the fight they picked.
Which makes me wonder. Aren't they a for-profit company? What was their business model? How did they expect to make money? Did they charge for the program? And wouldn't a for profit company be working on a phase 2 technological solution (like their own version of the P2P suggestion?), or selling the business to a bigger company that can shrug off the flak received? - inactive, on 10/12/2007, -0/+1Moments after bluefrog gave up a massive Ddos attack pulled down prolexic's website ( it is no. 1 anti ddos solution provider), along with several important sites which included banking.
There was no way bluesecurity could have withstand it.So after thinking about it for a few days I feel that they have made the right decision. - inactive, on 10/12/2007, -0/+1Those emails are fake mails from the spammers. Create a filter and block them or sent them to spam box.
- hah456, on 10/12/2007, -0/+1Sounds like the movie Munich
- mrinternet, on 10/12/2007, -0/+1Wow Blue frog giving up is a real surprise, perhaps will resurface at another time.
The secret to prevent a DoS attack is to use an ISP that can handle it.
I worked for one of the largest Tier 1 ISPs for 10 years, and was responsible for Internet Security, Products and Services. If the ISP cannot be brought down by a DoS or a DDOS (having bandwidth on demand e.g. unlimited), then they are perfect for supporting a customer immediately if they have a DoS attack. This is done by identifying traffic patterns by monitoring and other profiling also, it is a federal law violation in the US and equally so in the UK and Europe giving it the same resources as a ter**orist attack. - rderveloy, on 10/12/2007, -0/+1"The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.
Today, Reshef will wave a virtual white flag and surrender. The company will shut down this morning and its Web site will display a message informing its customers about the closure."
The greatest tragedy of this whole series of events, in my opinion, is the precedent that was set.
What makes me sad is that Blue Security actually gave up. The people that attacked Blue Security should be considered terrorists since they threatened to infect innocent user's computers with viruses. I understand that Blue Security only wanted to protect its users, but the attackers used fear as a weapon when they threatened innocent people, and they won. Now spammers are only going to be emboldened by this turn of events.
I'm sure Blue Security will make a comeback, but their next battle will only be that much more difficult since spammers now think they can outlast any serious threat that emerges. - serra, on 10/12/2007, -0/+1I can't believe that Blue Frog gave up, especially after all of the fighting words that they spoke, acting like they were going to win. Wussies.
- Dimensio, on 10/12/2007, -1/+2Truthfully, I have often considered undertaking just such a venture myself. I have -- and I am not making this up -- seriously fantasized about tracking down known criminal spammers such as Alan Ralsky, Scott Richter and many others and gleefully slamming a crowbar into their face repeatedly, until they were unable to move or react. I would then torture them slowly and painfully, until they were begging for death, at which point I would douse them in a flammable liquid and set them on fire.
I still entertain such fantasies quite often, and I can quite honestly say that if I were to meet a known spammer, I would -- without hesitation or remorse -- kill them on the spot. - brickbat, on 10/12/2007, -1/+2I have to say, using gmail has cut down my spam by well over 95%
- jameslheard, on 10/12/2007, -0/+0@ ChrisGranger
Sadly i have some email that get spam that have never been posted or ever given out. One gets over 200 email a day. A lot of spamers just generate address bassed on names and common words and then remove the ones from lists that bounce.
@ brickbat
As Chris was saying if like me u get 200 emails a day what do u do if a legit email that was very important get lost in a spam folder amoungst all those spam emails. - qwin, on 10/12/2007, -2/+2Is there an article somewhere that says they were going to give up? Did i miss it? Why are they giving up?
:P - Daibheid, on 10/12/2007, -0/+0Hi,
I am still trying to understand Blue Frog. One day good and now BAD!!! get rid of it!
So I did because I have been reading up on it and it is all negative. One thing though, last couple of weeks I have been getting Spam because I did not ask for it. And I have Bounce bully. So I can see where it came from. Can not say because they used a proxy and can't track to see where the hell it came from. Oh ya been getting a lot of returned e-mail's say the address was no good. Funny thing is I never sent any e-mail to those address. Like I said new to this so please be gentle. - ChrisGranger, on 10/12/2007, -0/+0Most likely it only diverts it to your spam folder rather than eliminating it. The spam is still coming at your address, you just see less of it in your inbox. Gmail's spam filters are pretty good (as are those of the other major free emails services). Also, a new address should get less spam simply because you likely haven't plastered that address all over the net for spambots to harvest.
- scheper, on 10/12/2007, -1/+1That's what I thought. The article says that the next attack from the spammers could be to control the server (or IP) and have the clients do their bidding. I didn't see anything about quitting.
Also, this would seem a perfect scare tactic from the spammers. - Abatrour, on 10/12/2007, -1/+1Wtf the blue frog? I've come across ads on the Internet for it and I have tried to figure out what it is but for some reason its real hard to find any information on it.
- Spitt, on 10/12/2007, -0/+0I agree, you jsut need to find an ISP that can hadle it. My ISP has gone down twice because of attacks on my site, however they learned something from it, and used it to make the server stronger. The fact that their ISP actually dropped them would not make me want to go and use their servers.
My spam email dropped from 200-300 spams a day to about 15 spams a day. The service did work, and it worked well. I am saddened to see it go. It is a shame that they gave up. It would have been better for all of us if they had stayed up and running, and allowed us to take the risk on whether or not to stay on with them. I and I am sure many others would have stayed.
I did try to contact them, to show them my support. I had the idea that they should contact webmail services and ask for them to do a partial host. Really it helps the web mail companies, so I can't see why they wouldn't share the burden.
Whomever gets something going, please come to rpg-exploiters and share the news with us. We all look forward to seeing a new similar service popup in their place.
And if the makers of Blue Frog are reading this, please come back and allow us to decide if we want to opt out. I foro one, would opt in. - nighthawk101, on 10/12/2007, -0/+0as it was a dos attack this in no way is a great hacker
i would say that if every member of blue security came together
we all could target the spammers web base system
then they will be the one running into the night
how about a small program that when you get spam mail you send back
a bot to crash there system up or block there sending port
as for PharmaMaster who is some kid who is nothing at all NOT EVEN A REAL HACKER
REMEBER BLACKHAWK IS WATCHING U
his days are numbered as there is more hackers who attack there web site bases now -
Show 51 - 63 of 63 discussions
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is