Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Black Frog hops into spam battle

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Black Frog hops into spam battle
Date: Fri, 26 May 2006 04:02:59 -0500 (CDT) 
http://news.zdnet.co.uk/internet/0,39020369,39271074,00.htm

By Greg Sandoval
CNET News.com
May 25, 2006

The open-source project aims to replace Blue Frog's opt-out email
campaign designed to crash spammers' servers

Spammers beware -- avenging amphibians are once again rising against
you.
  
First there was Blue Frog, a community antispam effort that stopped
operating last week after Blue Security, the company that started the
project, came under a withering denial-of-service attack.

Out of the ashes comes Black Frog, part of a project that is
apparently willing to become a flag bearer in the fight against spam.  
The project, dubbed Okopipi, is developing the Black Frog antispam
software and service as an open-source project, according to the
group's wiki.

"This project aims to become a distributed replacement of antispam
software Blue Frog," the Okopipi wiki states.

Blue Security waged a sort of do-it-yourself spamming campaign against
the spammers. It said that more than 500,000 customers downloaded its
Blue Frog software, which automatically sent replies back to mass
emails. If all of these customers' systems responded, the spammers'
systems would be overwhelmed.

But the Web sites of Blue Security and some of the company's partners
were knocked out last month by a massive distributed denial-of-service
(DDoS) attack. In such an attack, scores of computers try continuously
to log on to Web sites in an effort to overtax the servers.

Okopipi's battle plan is to avoid depending on a centralised server,
creating a target too big to be taken out by a single DDoS attack.

"It will be based on a P2P network (the frognet)," according to a
posting on the wiki. "On failure to connect it could still opt out
given email addresses."

Participants will send reports of spam emails to Okopipi, which will
use "handlers", including dedicated servers, to analyse it. To avoid
suffering the same fate as Blue Security, Okopipi's staff will not
disclose information about its servers.

"Only the Okopipi administrators will know their locations," the group
said on its wiki. This should make a DDoS attack "very difficult", it
said.

The Okopipi wiki said the Black Frog software will set participants'
systems to automatically click the "opt-out" or "unsubscribe" links
contained within spam -- sending a response to the mailers. The
software is still being developed.

Richi Jennings, an analyst at security research company Ferris, said
any attempts by Okopipi to duplicate Blue Security's strategy of
fighting fire with fire are misguided.

"The project should also take care not to cross the line from
legitimate spam complaints to attacking spammers using DDoS-like
techniques," Jennings wrote on a posting to Ferris's Web site.

 

_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Black Frog hops into spam battle, InfoSec News <=
Previous by Date:  [ISN] Agency Delayed Reporting Theft of Veterans' Data, InfoSec News
Next by Date:  [ISN] ITL Bulletin for May 2006, InfoSec News
Previous by Thread:  [ISN] Agency Delayed Reporting Theft of Veterans' Data, InfoSec News
Next by Thread:  [ISN] ITL Bulletin for May 2006, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]