Blue Frog users may be hopping mad

Blue Frog, providers of the Blue Security anti-spam service that I questioned some months back, may soon have some pissed off users. It seems the Blue Security user list may have gotten out into the open, and some anti-anti-spammer is readying a spam barrage against that user list.

Your email address has never been safe in your favorite mailing list, but getting spammed for using an anti-spam service is definitely a new one for the internet. For users of Blue Security, it might be time to change that address. For Blue Security, which essentially emails spammers warning them to stop, it might be time for a few more SMTP servers.

***UPDATE***

Blue Security says it is a spammer with previous access to the addresses that is causing the problems.

***UPDATE 2***

From the sounds of the commentary, it seems the anti-anti-spammer in question is targeting email addresses that users already know are “out in the open.” That is the consensus so far, and it does make a lot of sense. Whether the perpetrator’s retaliatory tactics persist remains to be seen, as the list is too small for the big spammers to see much value in it, other than to drive away a handful of Blue Security users. However, as the commenters noted, the attention alone is likely to add to the Blue Security user base, potentially foiling the attacker’s efforts.

On a side note:

After pondering my failure to do a brute force (or dictionary) attack of MD5 using my Powerbook G4, on quick request from a reader, I need to rethink my place here at Spamroll. This is not a shot against OS X either – source exists (for Linux) that I could have recompiled for this singular effort – I chose not to do so because I was 1) just plain lazy, and/or 2) knew it would take the rest of the day and I needed to finish debugging some Perl scripts for a real engineer (I am working for him, even though I am paying him as well – how did that happen?). Anyway, my apologies – I will try to be more diligent in the future.

Comments

Solver says:

Apparently this is all just a spammer getting intimidated by Blue and spreading FUD about them. Check out their blog and forums.

Essentially, I think it’s worth learning what you write about, before you write about it. The list cannot get into the open, because as far as I know, it’s a list of mail hashes. Blue Security and Blue Frog do not use mail to register their complaints, but scripts for spamvertized websites. Therefore, your note is a bunch of bull, sorry to say that…

Spammers are trying to scare Blue Frog users (like myself), but in reality, they are just causing the service to become more popular, by making more publicity for it. Good for them.

Always good to hear all points in a story. But saying that a list (any list) cannot get into the open is being a bit naive in the world we live in now.

@michael: Imagine a list of over 400,000 hashes, such as MD5 or SHA (from what I’ve read, the list is stored in such a way). Try and find out (Google for it), how long does it take to crack one such hash, then try to multiply this by the number of addresses. And then please tell me, how long would it take to get the list in cleartext, therefore making it available for spammers.

Just for your amusement, Michael, and to support what I’ve said above, try to tell me what is the following e-mail address:

MD5: 338320ca46e285ec44517354c793a0cb

Please post your reply in a comment, when you manage to crack this MD5. But if you have the mail address, and want to check whether this is in fact a valid MD5 for it, it takes a blink of an eye. That’s the magic of hashes…

Ah, also please accept my apologies for saying your post is bull. All us spamfighters should join hands, but please do look up the information more carefully before you post it. There has been a lot of untrue facts running around about Blue Security, all of them caused by the lack of understanding of the technology. It’s harming the idea, because of lack of knowledge…

Larry says:

Pissed off? Yes. Pissed off at Blue Frog? No. Only pissed off at a spammer who is willing to look up people who he knows specifically DO NOT want spam and single them out for extra helpings of it.

Tomasz,

While I always appreciate a good challenge, this one is beyond my immediate capabilities. Then again, I doubt you were suggesting a brute force attempt. Considering that a number of characters in an email address can be assumed with a reasonable level of reliability (say the @ sign, as well as ending strings of .com, .net, .org, etc.), wouldn’t that make any such attempt a bit easier (assuming you could create a table that takes those factors into account)?

Just a thought.

michael

harry says:

Hacking the list would probably qualify them for a nobel prize!

If they’d hacked the list, all three of my email addresses on the blue frog register would have received the warning message. but only the one that has always got a lot of spam was targeted. i think it’s obvious that they had my email address already and marked it as one that was removed from their database by the blue security tool.

all of which means that complying with their request merely means you’ll get all the usual spam minus the crap begging you not to be a member of blue frog.

moreover, if they were really nasty, they could compare the washed list from yesterday (your email removed) with a washed list after you quit (your email still present) and say ‘aha – this guy really reads his spam’ and put you on a special list for people susceptible to persuasion 😉

@Michael: yes, a dictionary attack would be easier. However, a friend of mine just analyzed the Blue Frog application, and found the list to be made up of SHA1 hashes (more difficult to break than MD5 as far as I know). Therefore, even with a dictionary attack, spammers would have to spend real huge resources to get the addresses from this list.

However, they are using a different method. See, they have their own lists, which they use everyday to spam people. What they do, is they create SHA1 hashes of the addresses they have on their own lists, and simply check whether this SHA1 is on the Blue Frog list. Therefore, what they can do is they can check which addresses that they already have are on the Blue Frog list. And these are the addresses which receive threats and an increased number of spam e-mail now.

From my experience, I have my whole domain and eight addresses on the Blue Security list. I am attacked at only one of them. There have also been reports, that people were receiving threats at addresses, which were not submitted to Blue Security. Therefore, this is all spammer’s lies.

My advice is, use Blue Frog and promote it even more. It HURTS spammers, therefore it’s effective. I’m sure this media coverage will bring more new users than the spammers were hoping to discourage, so the spammers are harming themselves.
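The check described in the comment above, and harry's observation that only his already-spammed address was targeted, as an added example that is not part of the original comments and is not Blue Security's code: an unsalted hash registry hides only the addresses a checker does not already hold. The addresses are constructed, and the normalization rule and function names are assumptions.

```python
import hashlib

def normalize(addr):
    # Assumption: addresses are trimmed and lower-cased before hashing.
    return addr.strip().lower()

def sha1_hex(addr):
    return hashlib.sha1(normalize(addr).encode("utf-8")).hexdigest()

def build_registry(addresses):
    """The published form of the registry: digests only, no cleartext."""
    return {sha1_hex(a) for a in addresses}

def audit_exposure(registry, held_addresses):
    """Return (addresses a list holder can confirm, count that stay opaque)."""
    held = {sha1_hex(a): normalize(a) for a in held_addresses}
    confirmed = sorted(held[h] for h in registry if h in held)
    return confirmed, len(registry) - len(confirmed)

# Constructed sample data (example.* domains, not real registrants).
REGISTERED = ["alice@example.com", "alice.private@example.org", "bob@example.net"]
ALREADY_HELD = ["Alice@Example.com ", "carol@example.com"]

if __name__ == "__main__":
    registry = build_registry(REGISTERED)
    confirmed, opaque = audit_exposure(registry, ALREADY_HELD)
    print("confirmed by a holder of ALREADY_HELD:", confirmed)
    print("registry entries that stay opaque:", opaque)
```
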

user220 says:

doesn’t anyone realize all these “harrys” and “michaels” are simply blue security trying to save their image?

They are acting like anonymous blue security users, but apparently their ship has sunk, and it appears as a last ditch effort to save their credibility.

They have been doing the same on specialham.com

One can tell by their type, font and grammar that all of this is written by the same person at blue security.

Unfortunately they learned like LYCOS that DDOSing doesn’t work and only infuriates people..

after this message, there will be another “harry” or “michael” under a new alias trying to save the company as well.. it’s useless.. they are done for from what i have seen on specialham…

Unfortunately for the above commenter, “michael” is actually the same “michael” that posts the entries (almost) each and every day here at Spamroll – I may not be able to attest to owning any useful technical knowledge, but I can attest to the authenticity of the “michael” comments above. A quick search of Spamroll will also uncover that I am not a fan of Blue Security, and that I give everyone equal footing when arguing here.

Sorry user220, you are at least half wrong (and maybe all wrong, as there is only one “harry” poster above).

mcsolas says:

>There has been a lot of [untrue facts] running around about Blue Security

[untrue facts] also known as falsifications.

I am really interested to find out what is what here. I am a user of their system and “published” 3 of my email accounts with them. I am now getting ripped apart by the spammers.

What makes me worry is that at the bottom of the messages now, they tell you the bluesecurity.com site is down, and it is!

I’m a bit worried. What is going to happen from here?

Did bluesecurity screw everyone over here then leave us hanging?

I wish I could give some comfort here, but I did suggest that Blue Security might be needing some more servers soon.

Seems the whole site is actually hurting: Safari could not open the page “http://bluesecurity.com/” because the server stopped responding.

Not good.

Wortherston says:

bluesecurity is done for… from the posts on specialham it appears they have set a mass ddos attack on their servers and have sent the entire blue security user database to over 200 spammers…

if I had an email address registered with blue security, I would be changing it ASAP before my hard drive filled up with thousands of spam messages a day…

they tried to fight fire with fire and the spammers fought back.. check specialham.com and see.. bluesecurity is done for that’s for sure…
