Results 1 to 14 of 14
  1. #1
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    ...divided we fall

    Blue Security Shuts Down Bluefrog! I blame the IT community and not the spammers.

    Kaspersky Lab and Viruslist.com announces Spammers down antispammer.

    Here's a perfect example of where the IT community itself failed to support an effective weapon against cyber-crime, and actually was instrumental in bringing down Blue Security, a valuable ally. Note the following falsehoods the author wrote in the announcement:
    1. <LI>Customers were encouraged to reply to spammers and clog their networks.
      <LI>...the whole idea of spamming spammers was considered to be rather controversial
    The idea was never to clog anyone's network, and Bluefrog users did not send ANY spam - they sent ONE reply for each piece of spam received - just as if each user responded to that piece of spam as REQUESTED by the spammer. But note that would not happen until 10 days after the spammers and the "email marketers" were asked politely, with a single email from Blue Security, to remove Bluefrog users' addresses from their lists, but instead chose to continued to send spam.

    Spam, by its very definition is unsolicited and unwanted email. Email marketers solicited a response. Therefore, a Bluefrog user sending a single response to the email marketer's address cannot be called spam.

    Here demonstrates, once again, even after months of opportunities, some "experts" in the IT community failed to learn and understand the process, then irresponsibly reported to their readers falsehoods about it. This fueled the anti-sentiment, or at least hindered support for Blue Security. Had the IT community rallied around Blue Security in their effort to fight a common foe, instead of kowtowing to these cyber-terrorist, Blue Security would not have had to shut down and a major victory would not have been placed at the feet of the bad guys.

    Right from the very beginning, BS was put on the defensive as a badguy - wrongfully accused for instigating its own DOS attacks on sites and ISPs that allowed (or at least did not block) spam. They were wrongly accused of exposing BF users' addresses and causing an increase in spam. And they were wrongly blamed - instead of the bad guys - for bringing down blogger sites by diverting attacks against BS.

    There is no doubt that negative publicity had a significant influence on many Internet users and on the IT user community's lackluster support for BS and its efforts.

    Shame on Kaspersky, IT News, Information Week, Macworld and the other naysayers - they failed as IT journalists to learn and understand how the process worked, then reported erroneous information to their readers. Now, the those of us that have joined together in the fight against Internet crime, including spam, ID theft, child exploitation, viruses, worms, etc. have lost a major battle and a valuable tool in that fight! [img]/forums/images/smilies/sad.gif[/img]
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: ...divided we fall

    Sorry to see that you are so upset about this, Bill, but I think your anger is misplaced. IT professionals are not responsible for the DDoS attacks against Blue Security that shut down its service. Nor could IT professionals easily have stopped or prevented those attacks.

    The lack of enthusiasm for BlueFrog may have arisen as a result of confusion with that other short-lived service which really was intended to take down the web sites advertised in spam. I myself never heard about BlueFrog and might have jumped to the same conclusion. Maybe they needed to do a better job communicating what they were doing.

  3. #3
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ...divided we fall

    -------------------------------------------
    Maybe they needed to do a better job communicating what they were doing.
    ------------------------------------------

    I agree with Jefferson.
    Sounds like fighting Spam with Spam.
    Do you think that "politely" asking Spammers to please stop, would stop the Spammers? ( I don't think so! )
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  4. #4
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ...divided we fall

    Thanks for both of your replies. I agree that Blue Security could have done a better job of communicating their efforts - but I note that they were still in beta as this all unfolded. It was only after the folks at Firetrust, the makers of MailWasher, asked if MW users would like an easy way to report spam to Blue Security through MW that I learned about it.

    Bob - you fall into the same misconception and misunderstanding of the concept that these IT reporters did. No spam was ever sent. By spam, I mean mass mailings of unsolicited email. That never happened.

    What would happen is a user would report a piece of spam to Blue Security (BS) using Bluefrog, a reporting tool/client developed by BS and installed on our PCs. We could register up to 10 email addresses for free. Folks, not machines (unlike that other short-lived service), at BS would analyze the spam to determine the marketers - the person who hired the spammer to market his product - and BS would send a polite request to download the hashed list of registered emails and purge his lists of Bluefrog users emails. Over the next couple days, if spam continued, they would be asked again. If after 10 days, if spam continued, then the Bluefrog application on each persons PC would send ONE - and only one, email to the marketer (and not all at once), and to the spammer if his address could be determined, requesting Bluefrog addresses be purged from their lists. Note that the marketer was requesting users reply - and so we did. Just not to buy, but to opt-out.

    If you send out 1,000,000 wedding announcements and tell everyone to RSVP, you better be prepared for 1,000,000 RSVPs, no? That's how it worked. One opt-out request for each email they sent to a registered address requesting a response.

    It was beginning to have an impact - obviously since the spammers then sent a big DDOS attack - several marketers had voluntarily purged their lists. This had the effect of stopping spam BEFORE ever sent, before being dumped on the Internet, before consuming bandwidth, before hitting our inboxes.

    Now the badguys know all they have to do is step up their attacks and everyone will bow down and kiss their feet.

    Sadly, more opportunities are not denied us. Many users WELCOMED the stepped up attack as it was exposing their hijacked zombie botnet machines. The faster they sent us more spam, we were reporting them to SpamCop, FirstAlert, ISPs, and law enforcement. Not anymore.
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

  5. #5
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ...divided we fall

    Bill,
    Everyone is entitled to their own opinion. You have yours, I have mine.

    I think it has been established that most Spam is generated by machine, not by some person sitting at their PC and sending out emails.
    Sending out a polite request to opt out of their mail list is no different than clicking on the the little opt out link on the bottom of the received Spam. The machine could care less but the Spammer gets a revised list of "live addresses". If anything, you give the Spammer a list of live addresses to update their databases. Just what is a "hashed" list, BTW.

    You may get a few legit marketers to purge their lists of the opt out recipients but by and large these Spammers are not legit and just ignore the requests.

    You have to get the ISPs to remove these high capacity email generators for their service. That's the way to shut off Spam.

    I just don't believe doing it with a request is the way to get them to halt. So loop up, go to line 002 of this post and so on and so forth. <img src=/S/dizzy.gif border=0 alt=dizzy width=15 height=15>
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  6. #6
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ...divided we fall

    <hr>Sending out a polite request to opt out of their mail list is no different than clicking on the the little opt out link on the bottom of the received Spam. <hr>
    No it's not! You are jumping to conclusions, just like those reporters did. All those links do is verify your address to the spammer. No one should EVER click on those.

    Please note above where I said "Folks, not machines, at BS would analyze the spam to determine the marketers - the person who hired the spammer to market his product".

    Most spammers are in it for money - they are hired by marketers that want their products advertised. If the marketers refuse to honor the opt-out request from BS, each users Bluefrog sends the request. When the marketers staff is handling more opt-out requests than purchases, they lose money - it becomes an incentive to remove the names from the list.


    Note that I am not expressing an opinion, I am telling you how it works.


    <hr>You may get a few legit marketers to purge their lists of the opt out recipients but by and large these Spammers are not legit and just ignore the requests.<hr>
    Wait now! I don't think you understand what spam, in general, is about! Some, for sure, is just folks sending their latest virus or worm. But much is someone selling a product - ** Spam post - please alert a Moderator **, a loan, porn - whatever - they want you to go to their site and spend money, right? All BS did was analyze the spam, determined site that wanted your money, and provided an avenue to send that site an email for BS users to opt-out. What is the harm in that?

    You say you have to get the ISPs to act - again, BS analyst did that too - they researched and determined the ISPs that were used - informed them of the offender, asked them to stop the offender. If they did fine, if not, law enforcement might be called in.

    Hash function - BS would provide a hash function list to spammers and marketers to run and purge their mailing lists. Could the bad guys see the emails in the hash function list? No. Could they do to a before/after comparison and see what dropped off? Sure - but they already had those emails addresses.

    Was this system perfect? No. Must we sit around and do nothing until the perfect solution is devised? If so, the war is over and the good guys lost.
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

  7. #7
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ...divided we fall

    Whatever!
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  8. #8
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ...divided we fall

    Now wait Bob - you say everyone is entitled to their opinion - fine. I'm okay with that. But I started this thread because IT journalists made statements that were not factual, in fact, they were totally false. They printed information that misinformed their readers, causing them to make decisions (which like you, they are entitled to do) based on wrong information.

    I think that's wrong! Regardless what you personally think of Blue Security, you seem to be defending journalists making false statements. I don't get it.

    And - and this is my opinion, I personnel don't have a problem with dumping a few thousand legitimate opt-out requests in a spammer's inbox - especially after they were asked nicely to not send us spam.
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

  9. #9
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ...divided we fall

    <img src=/S/shrug.gif border=0 alt=shrug width=39 height=15> OK.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  10. #10
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ...divided we fall

    In going over this thread again, trying to figure out what happened, I saw this:
    <hr>Bill, but I think your anger is misplaced. IT professionals are not responsible for the DDoS attacks against Blue Security that shut down its service.<hr>
    I don't understand where this come from? No where did I indicate I believed IT professionals were responsible for any attacks! That would be as bad as the IT professionals blaming Blue Security for the extended DDoS attacks taking down the bloggers - which is exactly what they did!

    Badguys committed the attacks!

    I blame the IT journalist, for mis-stating the facts, for fabricating information, for unbalanced reporting focused only on the imperfections - this in turn, resulted in lackluster support for BS which, up until the time of attacks was making significant headway in reducing spam in its users inboxes.

    Even I was a skeptic at first, not seeing any improvement in my daily spam count. But after 3 weeks of reporting, my daily count went from about 100/day to less than 30 - for 4 email addresses (I use Mailwasher to keep statistics on my spam). A 70 - 80% drop in spam is nothing to sneeze at. It stayed between 20 - 30 for highs, as low as 3 on weekends for several weeks. Now the last 5 days have been 50 to 60. I expect it to be pushing 100 again soon.
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

  11. #11
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: ...divided we fall

    It was your opening line:

    > Blue Security Shuts Down Bluefrog! I blame the IT community and not the spammers.

  12. #12
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ...divided we fall

    <img src=/S/confused.gif border=0 alt=confused width=15 height=20> Well, okay. To me, it does not follow that "Blue Security Shuts Down Bluefrog! I blame the IT community and not the spammers" leads to accusing IT professionals for being "responsible for the DDoS attacks...".

    Blue Security shutting down Bluefrog and the DDos attack are two different (though connected) events.

    Clearly, in my text I blame the badguys for the attacks and I chastise the IT community/IT journalists for misleading their readers by failing, even after months of opportunities, to learn and understand the process, making false statements about the process, unbalanced reporting, and then, after badguys launched their DDoS attack, wrongfully accusing Blue Security for bringing down the bloggers.

    I apologize for not properly summarizing 6 months of events into a one-liner opening statement that explained everything - I thought the full body of text following explaining that comment would be read and used to determine content, not one line taken out of context.
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

  13. #13
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: ...divided we fall

    Headlines matter because they shape the reader's perceptions of what follows. Perhaps "IT Press Partly to Blame" would have put me more in your frame of mind.

  14. #14
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ...divided we fall

    That's fine - but again, the IT press had absolutely nothing to do with, and are not to be blamed in any way for conducting a DDoS attack. They are, however, blamed for misleading readers and falsely accusing Blue Security for the DDoS attack.
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •