Comments on: OpenIdea: Give Spammers What They Want….

By: Cristiano Betta

Cristiano Betta — Sat, 20 Oct 2007 10:59:27 +0000

@Joop: I bloody well know how browsers and security work, but honestly, your original idea of keeping your IP secret is bullshit. The most important thing is to keep your system updated and in gridlock, making sure someone doesn’t get your IP is just security by obscurity

Now I agree that your browser is there on the front-line, and it is hard to keep some systems (windows) completely secure, but if you have a secure browsers, anything they can do they can also do by just going around and scanning all the systems on the web. I used to run a webserver on a local server and if you see how many times a day you get polled for common exploits, it’s amazing. And I didn’t even have to press a link for that!

Viruses and exploits are way less common these days than fishing. People want money from you, not the honor of crashing your system and removing your data. I am simply afraid that this behaviour will teach people how to become more of a target for phishing attacks.

By: Stefson

Stefson — Sat, 20 Oct 2007 09:13:16 +0000

Visit Retecool.com at times.
They do a DDOS every now and then against a spammer. Loads of visitors participate in the attacks …

I think the idea is nice, but this would be an open invitation to virusses and trojans and god knows what else.
Better if no-one ever clicked a spam link again.

/wishfull thinking off

By: Joop

Joop — Sat, 20 Oct 2007 07:36:39 +0000

@Cristiano, you are totally right;

Bad intentions need a lot of expertise, more than just a IP address. But let me explain why I mentioned that I don’t want to run any URL. Let me quote Steve Gibson on this one:

“So I guess my point is that the reason the browser is a focus point is it’s out there on the frontline. I mean, you’re literally, when you click a link, you are sending your browser off to somewhere it has never been before, maybe you’ve never been before. And it’s like, good’luck!

… what you’re really doing when you click the link is you are asking a server Lord knows where to send you a blob of stuff which your browser, running on your computer I mean, maybe this is even more scary, it’s the actual truth of what’s happening, is you’re saying, you know, let me have it. And so this blob of code comes down into your computer, and your browser says, okay, here we go. And with the best of intentions and in good faith it starts reading this page, displaying things and running scripts which may be included in that code. And who knows what’s going to happen? And so it’s not that the browser is worse code than any other code we have. It’s just that it’s the frontline. It’s right out there as you surf the Net, getting pounded with the stuff from any website that you visit.

…So from my way of thinking, I want my shields up.”

This discussion is not about the threats to browsers, I am just saying that it would be nice if those links are not followed with my default browsing system. What do you say?

By: Cristiano Betta

Cristiano Betta — Fri, 19 Oct 2007 21:46:47 +0000

@Joop: Hate to disappoint you, but they CAN’T take over your pc because they have your IP. They need a whole lot more than that ;)

By: Joop

Joop — Fri, 19 Oct 2007 21:44:00 +0000

I love the idea, but the spam-link has to be followed in a prisoned runtime on my computer. If you visit a link, you basically give away your IP address, and allow the possible spammer to run any script on your computer. That is what needs to be addressed. I am just wondering, who ordered a p3nis enlarger or Viagr@ through his email? it seems so difficult! ;) I would love gmail junkmail ‘processing’ like you discussed, would certainly add an extra problem for the spamfarmers…

By: Reinier Zwitserloot

Reinier Zwitserloot — Fri, 19 Oct 2007 18:59:48 +0000

So, if I send some spam with a link to a blog of someone I don’t like, his server gets hosed and if I’m very lucky, he gets a very scary bandwidth bill.

sweet!

No, this won’t work - same reason most ‘active spam deterrent’ has problems. It opens the door to use the very spam deterrents in place to DDoS someone.

By: Edo van Santen

Edo van Santen — Fri, 19 Oct 2007 16:51:20 +0000

at least, it is a creative idea! who knows it would work.

By: Cristiano Betta

Cristiano Betta — Fri, 19 Oct 2007 15:07:53 +0000

Problem though with this is that you promote bad behaviour, making people and obviously more likely target for phishing/virusses. Your idea defeats the whole groundrule of never opening a mail and following a link of someone you don’t know.

Obviously we geeks with our Macs/Linux machines can go nuts, but how much of a DDoS can we bring along with this?