BlackFrog to Take up BlueFrog's Flag 178
Runefox writes "ZDNet UK has a story about a new SPAM defense mechanism called BlackFrog, a response to the demise of Blue Security's BlueFrog. According to the article, the new service is based on a P2P network of clients, called the 'Frognet', which allows the opt-out service to continue functioning even after a server has gone down, making a DDoS attack like that which crippled BlueFrog ineffective against the new service."
Link (Score:4, Informative)
Once you go black, you never go back. (Score:5, Informative)
Re:source from bluefrog? (Score:4, Informative)
SpamCannibal (Score:1, Informative)
http://www.spamcannibal.org/cannibal.cgi [spamcannibal.org]
Re:Poisonous frogs? (Score:3, Informative)
Blue Security's reason for shutting down (Score:3, Informative)
Blue Security Gives up the Fight [slashdot.org]
The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.
"It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing."
I'm guessing the only real difference is that users will know this time around.
Re:Spamming the spammers? (Score:3, Informative)
Once you receive a mail advertizing pills or wrist ornaments , the Blue/Black frog client sends an opt-out message to the advertized mailbox.
Let say this online shop sends a million spam messages by means of a spammer, he (the shop owner) receveives 1 million opt-out messages back !
Days are counted for the spammers ! MUahAhahAHhaHAh
Re:Automatically clicks Unsubscribe links in Spam? (Score:3, Informative)
Re:Never trust the users (Score:1, Informative)
Sounds
Anyway, Blue Frog maintained a number of spamtraps on its "do not spam" list as well as normal users. If there was any question about a mail's legitimacy, it could usually be resolved by determining how many spamtraps it also hit. I don't think the "do not spam" list was really the best idea (it's what dragged bluefrog users into the escalation), but it really is an integral part of the model, to give fair warning to anyone who actually might just be mistaken, or at least to tell the targets of their complaint storm, "you had the ability to prevent this".
Blue Frog was never about DDOS'ing spammers bandwidth, only their ordering infrastructure with real opt-out mechanisms. It's naive to think spammers consider it anything more than a technical speedbump, but advertisers linked with spammers are also contacted, and they may actually take notice at the negative publicity.
Re:Once you go black, you never go back. (Score:5, Informative)
It's not DDoS. (Score:3, Informative)
The few hundred frog subscribers don't have the horsepower to shut down a Web server anyway. They just make the results of spamming much more difficult to sort through.
Re:Once you go black, you never go back. (Score:2, Informative)
http://www.atlantabotanicalgarden.org/conservatio
One interesting note from the WikiPedia article (couldn't find it elsewhere right now), is that the frog does not make any poison of its own but instead gets poison from insects which it eats. Seemed like an interesting tie-in for a P2P project.
http://en.wikipedia.org/wiki/Dendrobates_azureus [wikipedia.org]
How to prevent DDOS on the servers. (Score:5, Informative)
Also, the servers are the ones with the Central PGP authority. The network can still operate without servers, they're just needed for login (for now).
For the Nth time, we're NOT GOING TO DDOS!!! (Score:5, Informative)
--
Sheesh people! I hate to have to respond to 1,000 comments made by kneejerks who don't even RTFA, saying how terrible it's to DDOS and how the system could be abused.
Do you think we're idiots to let something like this happen?
1. The "attacks" on websites will be moderated. We want to make sure that the force is non-lethal to websites. We haven't discussed the implementations, but the decision has been taken: We will use throttling to PREVENT denial-of-service attacks.
2. The P2P network does *NOT* control the clients, it'll only distribute opt-out scripts for websites. Also, the customer can log out ANY TIME they want. So, NO, it's NOT a botnet.
3. Spammers Don't need P2P networks to initiate an attack. They already have their effective botnets in infected WinXP machines.
4. There will be a reputation system AND a hierarchy system (so not everyone can mod someone down), people will have to earn their trust to classify scripts, those who report wrong sites will be modded down, and the usernames and reputations are permanent. The hierarchy system we're studying requires at least two people acting as an individual before taking any action, to prevent infiltrations.
5. We're already considering infiltration of spammers in our model, we're researching papers written by experts in graph theory and computer science for this. A spammer could at most try to disable the network, but with the currently planned infrastructure, i doubt they can do it.
6. We haven't started to code. We're still discussing (and will continue to discuss) the possible consequences, abuses, attacks and how to prevent them or at least minimize them. We cannot afford to have ANY point of failure.
7. If any wants to cooperate, the google group is open to ideas.
8. And I repeat: we will *NOT* DDOS websites. It's a decision the commitee has taken, and it's a final decision. There have been people who have proposed to DDOS the spammers to death, and we're already shutting them up.
Re:Poisonous frogs? (Score:2, Informative)
Blue Frog didn't automatically focus on every Spam that was submitted. It focused on the ones where it could do the most good. To be specfic, the developers would identify Spam that had been submitted to the most Frog members and originating from Spam networks that were not in compliance with the Blue Frog opt-out list.
Then the developers would visit the page and develop a script/bot that would submit opt-out requests using the E-Commerce or "For More Information" forms on the website.
Give this, I think it's pretty unlikely that someone would get hit by accident, dont you agree? Frog was never a completely automatic process. It required intervention and that's a good thing.
Blue Frog won because it was systematically beating the big spammers into submission, one spammer at a time.
IMPORTANT ANNOUNCEMENT FROM BLACK FROG (Score:5, Informative)
So the official name of the P2P antispam software is now "Okopipi". Please stop naming it "Black Frog" or we could get sued for Trademark Infringement.
Thank you.
(More info on my journal) [slashdot.org]