Blue security


despaminator

You are right. It should be some SpamCop reporters.

SpamCop reporters are diverse. The admins, who probably make up the bulk of reporters, are the ones who are probably indifferent to anything but filtering - preferably before they have to pay for the bandwidth. There are end users who are trying to reduce the amount of spam in their inboxes. Those end users judge the success of an anti-spam tactic on whether or not it reduces spam to them. There are other end users who want to do something to contribute to the anti-spam fight. Reporting spam through SpamCop or Blue Security is something that can be done. Most end users simply change email addresses when the spam load gets unwieldy.

There are a very few of any type of reporter who are interested in the ethical or philosophical aspects of spam and the internet. For those few the only ethical, practical method that supports the notion of a free internet is to use blocking at the server level - my server, my rules. If I want to hear from you, I will request it. That method preserves the freedom of other netizens to do what they please, but does not allow them to impose on me. A polite message explaining why I am not accepting email from this IP address allows the sender to make other arrangements to contact me.

Miss Betsy

Blue Security analyzes reported spam manually (some automated sorting of course) and categorizes it. Illegal contents get reported to appropriate authorities (FTC, Interpol, McAfee etc.).

Spamvertized sites get treated in accordance with the CAN-SPAM Act. Owner is contacted, and asked to clean their spammer address list of Blue Sec's opt-out list. This is CAN-SPAM in practice. If spamvertized web site complies with this law, within 10 days (see the Act) no further action.

OK, but let's get out of la-la land and focus on the majority of spam that is comprised of DNS hoppers and black hat hosts.

Sure, if there's a legit site that uses email as advertising, Blue will send requests and the site should remove the email address.

BUT... the Blue system is set up to add the user's email address to a list and when a new spamvertised site is added EVERY EMAIL ADDRESS on the list is sent as an individual request to be removed. Now, if that process has changed I'm not aware of it, but that was the initial process when I signed up.

So this program/system has nothing to do with legal compliance and everything to do with bogging down the IP/site that is hosting the offending site.

In any case I can't even remove my e-mail address from the DNIR until their website returns from its somewhat extended maintenance. :D

Blue Security Ceases Anti-spam Operations

Blue Community Site - active until 31-May-2006

After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.

As we cannot build the Blue Security business on the foundation we originally envisioned, we are discontinuing all of our anti-spam activities on your behalf and are exploring other, non spam-related avenues for our technological developments. As much as it saddens us, we believe this is the responsible thing to do.

/snip

So, the spammers won?

Not quite, some members are already talking about reviving the frog on their own since it was an open source beta program.. It will re-emerge as a peer to peer reporting and opt-out tool.. Only this time the spammers will have a lot more targets to seek for their nefarious deeds...

BUT... the Blue system is set up to add the user's email address to a list and when a new spamvertised site is added EVERY EMAIL ADDRESS on the list is sent as an individual request to be removed. Now, if that process has changed I'm not aware of it, but that was the initial process when I signed up.

No, that is not what happened but it seems to be what people think happened.

Every report sent to BS generated an opt-out request that was sent from a user's PC but only if all other avenues to get a spammer to conform had failed. The opt-out request was an invitation to download the BS program that contained the DNIR and through which spammers' own mailing list could be run. The output was a cleaned or washed list devoid of BS members' email addresses. The list was updated every two weeks and included in the freely downloadable file from BS's development site. I even downloaded it myself and checked a dummy email address list that contained the addresses that BS had for me. Naturally it worked and the output file didn't have any of my email addresses in it. The logic was one spam produced one opt-out request, no more and probably less. There has been a lot of false information written about BS's opt-out procedure and I hope that what I have written is accurate.

There has been a lot of false information written about BS's opt-out procedure and I hope that what I have written is accurate.

Good explanation.

The biggest misconception, and the one that the "medi-duh" spread the most, was that it was a DDoS service, similar to Lycos's Make Love, Not Spam product. Not true. The ratio of spam received to opt-out messages sent was STRICTLY 1:1.

Blue Security calls it quits after attack by renegade spammer

This campaign of intimidation was followed by a sophisticated denial of service attack against Blue Security's website. According to Blue Security, a renegade Russian language speaking spammer known as PharmaMaster succeeded in bribing a top-tier ISP's staff member into black holing Blue Security's former IP address (194.90.8.20) at internet backbone routers. This rendered Blue's main website inaccessible outside Israel.

After Blue made configuration changes to point users towards its TypePad-hosted weblog, bluesecurity.blogs.com, PharmaMaster upped the ante by launching a massive denial of service attack against TypePad and any other organisation associated with Blue Security. The attack forced Six Apart, which runs TypePad and Live Journal, offline, leaving the information superhighway temporarily bereft of the outpourings of numerous bloggers. The sophisticated attack also disrupted the net operations of five top-tier hosting providers in the US and Canada, as well as a major DNS provider for several hours.

"We didn't think PharmaMaster would go to extreme of launching a denial of service attack against so many organisations. With 20-20 hindsight we wouldn't have made these configuration changes, but at the time we didn't think he'd go so far," Blue Security CEO Eran Reshef told El Reg at the time. "My mistake was not anticipating he'd go berserk."

Blue reckons PharmaMaster hired a botnet to launch the assault. During an ICQ conversation, PharmaMaster told Blue Security that if he can't send spam, there will be no internet.

The rumor mill has started that people should uninstall the Blue Security program before spammers get control of it.. Oh well, maybe someone will come up with a better solution.. I am disappointed that spammers won yet again..

May 17, 2006

--------------------------------------------------------------------------------

As we've detailed previously, Prolexic has been fending malicious cyber attacks from one or more criminal spammers attempting to intimidate the firm, subsequent to Prolexic deploying its system to defend a recent customer. We can now reveal this customer to be Blue Security.

Blue Security was our client since May 5th, and we successfully repelled several attacks against them since we started protecting their site.

We understand that once customers of Blue Security started receiving real threats of viruses/worms/DDoS/etc. attacks against them personally, Blue Security realized that they were putting their customers in jeopardy by continuing the fight with the spammers. Not wanting to escalate the war on their customers, Blue Security, understandably but regrettably, decided to exit the anti-spam business on May 16th.

Currently Blue Security has taken their site offline, to avoid themselves being responsible for any further attacks on their customers. Whether you applauded Blue Security for taking the fight to the spammers, or criticized them for vigilantism, I'm sure you'll agree that it is a sad day when criminal spammers win.

Blue Security will be missed.

Darren Rennick

Chief Executive

For those interested, there is a lot more to this story; this is right out of the Washington Post:

According to information obtained by Security Fix, the reason is that the attackers were hellbent on taking down Blue Security's site again, but had trouble because the company had signed up with Prolexic, which specializes in protecting Web sites from "distributed denial-of-service" (DDoS) attacks.

These massive assaults harness the power of thousands of hacked PCs to swamp sites with so much bogus traffic that they can no longer accommodate legitimate visitors. Prolexic built its business catering to the sites most frequently targeted by DDoS extortion attacks -- chiefly, online gambling and betting houses. But the company also serves thousands of other businesses, including banks, insurance companies and online payment processors.

For the past nine hours, however, most of Prolexic's customers have been knocked offline by an attack that flanked its defenses. Turns out the attackers decided not to attack Prolexic, but rather UltraDNS, its main provider of domain name system (DNS) services. (DNS is what helps direct Internet traffic to its destination by translating human-readable domain names like "www.example.com" into numeric Internet addresses that are easier for computers to understand.)


Archived

This topic is now archived and is closed to further replies.
