Forwarded from: security curmudgeon <jericho@private> : http://money.cnn.com/2005/03/22/technology/ibm_spam/index.htm?cnn=yes : : March 22, 2005: 12:22 PM EST : : NEW YORK (CNN/Money) - IBM unveiled a service Tuesday that sends : unwanted e-mails back to the spammers who sent them. Jeez, not only is IBM years behind the bandwagon as usual, they are jumping on a broken bandwagon full of dangerous moving parts. : The new IBM (Research) service, known as FairUCE, essentially uses a : giant database to identify computers that are sending spam. E-mails : coming from a computer on the spam database are sent directly back to : the computer, not just the e-mail account, that sent them. This is entirely worthless as a paragraph and explanation for what IBM plans to do. Most machines that are sending spam are Joe User's home computer that has been compromised by a spammer, trojan or worm. Most of these computers don't run a SMTP server to receive e-mail. Most of these machines have nothing to do with the person truly sending the spam. Most of these computers have no tie to the "e-mail account" of the person sending them. All this will do is shove a lot of unwanted mail to victims of computer crime, not the perpetrator of the spam. Most of this mail will not be delivered and cause more bounces back to IBM causing more headache. : "By creating a multi-layered defense that proactively repels spam at its : source, companies can get ahead of spammers and malicious hackers who : are always looking for new ways of penetrating IT systems through : e-mail." Uh hello IBM, sending spam back at people isn't "defense", that is "offense". : IBM said the new solution effectively minimizes the growing threats of : "phishing and spoofing -- tactics used to trick people into disclosing : information that can lead to identity theft." Sending spam back at the source of the spam hitting your network does not reduce any threats. Spam, phising and spoofed mails still come in from a ton of other sources, possibly even the same hosts IBM is 'spamming' back. : IBM has previously offered anti-spam filter technology, but this is the : first time the company has developed technology to "send spam back to : the spammer," according to IBM spokeswoman Kelli Gail. IBM is not : concerned about liability, even in cases where innocent senders might be : misidentified as spammers, because all the technology does is bounce : back the e-mails, said Gail. This is a dangerous game to play in this day and age of spoofed emails. I do not send spam to anyone, yet every day I receive bounces suggesting that my email address is used as the 'from' line of hundreds, maybe thousands of mail. If IBM decides to send me these mails back instead of deleting them, they will be originating a denial of service style attack on me, when I wasn't the perpetrator or the innocent *sender*. IBM can count on thousands of admins blocking all of the IBM domain/IP space to avoid this headache. I hope their customers understand this when they start to have problems reaching the rest of the internet. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Wed Mar 23 2005 - 01:20:43 PST