In This Issue: 1. Editor's Note: Blue Security Shoots Itself, And Thousands Of Other People, In The Foot 2. Today's Top Story - Yahoo Sued For Spyware-Driven Click Fraud 3. Breaking News - Microsoft Investment Hike To Continue: Ballmer - Philadelphia Counts Down To Citywide Wireless - Brief: AOL's AIM Users To Get A Free Phone Number - Sun Readies Java EE 5 For Launch - Moscow Wi-Fi Network To Reach 4 Million Homes - Cyberspace Running Out Of Addresses: Report - Original Star Wars Films Land On DVD - IT, Communications Spending In China Soars - Brief: Nintendo To Launch DS Lite Device In U.S. - Tech Terms Baffle Most U.S. Adults: Poll 4. Grab Bag: News You Need From Around The Web - Judges Challenge Internet Wiretap Rules (Yahoo News) - House Panel Calls For Broader Gambling Ban (InternetNews.com) - Electric Car Faster Than Ferrari Or Porsche (Business 2.0) 5. In Depth: Security - Microsoft: Users May Have To Prove Legal Windows Use - Security Threats Rising For Apple Macs, Report Shows - Blue Security Shifted Attack, Brought Down Blogs - Blue Security Denies It's At Fault In Blog Outage - Microsoft Plans Three Patches This Week - McAfee Launches VirusScan For Mactel 6. Voice Of Authority - Open Source: Who Takes But Doesn't Give Back? 7. White Papers - 9 Steps To Building A B2B Business Case 8. Get More Out Of InformationWeek 9. Manage Your Newsletter Subscription
Quote of the day: "Under certain circumstances, profanity provides a relief denied even to prayer." -- Mark Twain
1. Editor's Note: Blue Security Shoots Itself, And Thousands Of Other People, In The Foot
When an outfit called Blue Security launched a service to go after spammers with vigilante justice, any idiot could've foreseen big problems.
It wasn't a tough prediction to make. Vigilante justice is always a bad idea because it often results in innocent people getting hurt. And that's what happened, as a spammer's counterattack against Blue Security brought down thousands of blogs worldwide.
Blue Security's business model is to identify spammers and launch denial-of-service attacks against them. E-mail users sign up for the Blue Security service. Every time a Blue Security-protected E-mail account gets a spam message, Blue Security sends an unsubscribe request to the sender's site. Not just one unsubscribe request—it peppers the sender with multiple requests for every single spam message received.
The plan is that eventually the spammers will have to stop sending their spam because every single spam message will result in stepping up the DoS attack on the originating site. (Blue Security denies it's a DoS attack, but of course it is.)
Blue Security's business model is certainly tempting. Spammers are sleazy, low-life thieves, stealing time and computing resources from honest working people like you and me. Technology is only partly effective at stopping them, and laws like the United States' CAN-SPAM Act are a joke.
Still, vigilante justice isn't the answer, because when victims resort to vigilante justice, innocent people get hurt.
The problem: Blue Security's blog is hosted by a third-party service run by Six Apart, and Blue Security didn't even notify Six Apart, let alone get permission.
The redirected DoS attack against Blue Security brought down Six Apart's popular TypePad and LiveJournal blogging services. That brought down thousands and thousands of blogs around the world (including, by the way, my personal blog).
This isn't exactly what I predicted back in July. Back then, I predicted that Blue Security itself would start aiming its DoS attacks against innocent parties whom Blue Security thought, erroneously, were spammers.
What happened here is that innocent parties—Six Apart and its customers—got caught in the crossfire between Blue Security and a spammer. That's another common problem with vigilante justice: Innocent people get stuck in the middle.
Or, as one observer put it: "If my couch is on fire, I don't push it out of my house and into my neighbor's."
Spam is a problem, but Blue Security isn't helping solve the problem. It's only making it worse.
Sun Readies Java EE 5 For Launch This week's community process launch lays the groundwork for what Sun is calling the most significant update to the corporate version of the development platform in more than five years.
----- The latest research, polls, and tools ----- IT Salary Adviser--Benchmark Your Pay Learn how your pay compares to that of your peers with our free and confidential online tool. Featuring more than 20 job functions and tracking IT compensation across 20 metropolitan areas, InformationWeek Research's 2006 IT Salary Adviser makes it easy to compare your salary and compensation.
Do You Access Our Content From A BlackBerry Or Treo? Many of our readers do, and we want to ensure that you get the best experience in using our content. So we've created a PDA-friendly version of our news content, with similarly streamlined content pages, to make your PDA experience a good one. Check out our latest enhancement. -----------------------------------------
4. Grab Bag: News You Need From Around The Web
Judges Challenge Internet Wiretap Rules (Yahoo News) A U.S. appeals panel sharply challenged the Bush administration over new rules making it easier for police and the FBI to wiretap Internet phone calls. A judge said the government's courtroom arguments were "gobbledygook."
Microsoft: Users May Have To Prove Legal Windows Use Microsoft is piloting an opt-in notification service for its Windows Genuine Advantage online verification program in the U.S., which may make it mandatory for users to get Automatic Update or Windows Update Rights.
McAfee Launches VirusScan For Mactel McAfee released a report claiming a huge increase in Apple vulnerabilities, and then followed that up with an anti-virus product for Intel-based Macs.
6. Voice Of Authority
Open Source: Who Takes But Doesn't Give Back? Charles Babcock says: Do the companies that benefit the most from open-source code give anything back to the community? That's a provocative question that comes up when you take a close look at how prominent open-source projects actually work. I don't want to point any fingers, but what about the banks and financial services firms? How much do they give back?
7. White Papers
9 Steps To Building A B2B Business Case Get executive approval for your B2B initiatives with this guide. Learn how to create a compelling business case by following these nine steps to quickly secure funding and executive approval, as well as maximize success.
Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.
Keep Getting This Newsletter Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list: InfoWeek@update.informationweek.com
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.