Wednesday 13 December 2006

Boxbe: Another C/R Spamhaus

Some buzz today about Boxbe -- a service that promises to forward unsolicited email only from those willing to pay a fee for your attention. I signed up to take a look, and was frankly horrified by what I found.

Boxbe is a front for another of these awful challenge/response setups. Look at the reply I got to a test message:

Subject: Held: testing

The message you sent to richi@boxbe.com regarding "testing" is being held undelivered because he or she has not pre-approved your email address [redacted] for access.

To deliver your message, you can:

* Take a short test (a simple test by following the link below
[link redacted]

* Pay a small fee (USD $0.15) which
Boxbe will share with the richi@boxbe.com. This is intended
for advertisers. To pay, click on the link below:
[link redacted]
Sigh. In case you've not heard the mantra already:
  1. Challenge/response causes spam (because spammers forge the sender)
  2. So if you use C/R, you're a spammer
  3. Filtering your spam is not my job
  4. If everyone used it, email wouldn't work!

Prediction: if Boxbe gets popular, spammers will start sending to it, which will cause backscatter complaints, which will cause blacklisting of Boxbe's servers.

Here's why backscatter is bad, and here's more about the stupid idea that is challenge/response. But don't just take my word for it.

Other Boxbe coverage at Wired, GigaOM, Download Squad.

Tuesday 12 December 2006

Is this a Schadenfreudian Slip?

Don'cha just hate smug robots? Don'cha just love it when they fail?

Poor Asimo-chan. My favourite part is when the minders rush on and pull screens around its confused, flailing body...

I, for one, welcome our new falling-over-embarrassingly robot overlords.

[Hat tip: Howard]

Sunday 10 December 2006

GOOD News: Innocent Woman's PC Seized by Police

What's that you say? Good news? Read on...

Denver woman has PC. PC gets infected by remote-access malware. PC becomes zombie. PC does bad things. Armed police come knocking with warrant. PC seized as evidence. Local ABC news says:

Investigators said someone hacked into [Serry] Winkler's computer ... and used it with a stolen credit card to make fraudulent purchases online ... "Four sheriffs from the Boulder County Sheriff's Office with flak jackets and weapons drawn pounded on my door," said Winkler. "You're just not prepared for it." ... Winkler didn't have a firewall on her computer, which she said was too old. "I've tried it, but it just slows it down so badly that I can't," she said.

Internet security expert Rick Orr of Symantec said that early on, hacking activity was related to fame. "What we've seen in the last few years is a transition from a motivation of fame to a motivation of financial gain," said Orr. He said thieves don't take holidays and when it comes to Internet security, neither should you.

I say: good. I'm glad this happened and that it's getting some publicity (albeit local).

While I'm sad that Ms. Winkler was scared and inconvenienced, a few more of these sort of stories might actually make people more likely to protect their PCs. That ought to put a serious dent in the spam-spewing botnet problem.

Like this post? Digg it.

[Hat tip: Fergie.]