Featured Research

from universities, journals, and other organizations

E-mail 'Cluster Bombs' A Disaster Waiting To Happen, Computer Scientists Say

Date:
December 11, 2003
Source:
Indiana University
Summary:
Internet users can be blind-sided by e-mail "cluster bombs" that inundate their inboxes with hundreds or thousands of messages in a short period of time, thereby paralyzing the users' online activities, according to a new report by researchers at Indiana University Bloomington and RSA Laboratories in Bedford, Mass.

BLOOMINGTON, Ind. -- Internet users can be blind-sided by e-mail "cluster bombs" that inundate their inboxes with hundreds or thousands of messages in a short period of time, thereby paralyzing the users' online activities, according to a new report by researchers at Indiana University Bloomington and RSA Laboratories in Bedford, Mass.

Related Articles


IUB computer scientist Filippo Menczer and RSA Laboratories Principal Research Scientist Markus Jakobsson describe in the December 2003 issue of ;login: a weakness in Web sites that makes the e-mail cluster bombs possible. A miscreant could, the authors say, pose as the victim and fill out Web site forms, such as those used to subscribe to a mailing list, using the victim's own e-mail address.

One or two automated messages would hardly overload an e-mail inbox. But Menczer, associate professor of informatics and computer science, said special software called agents, web-crawlers and scripts can be used by the bomber to fill in thousands of forms almost simultaneously, resulting in a "cluster bomb" of unwanted automatic reply e-mail messages to the victim. The attack can also target a victim's cell phone with a sudden, large volume of SMS (short message service) messages.

"This is a potential danger but also a problem that is easy to fix," Menczer said. "We wanted to let people know how to correct the problem before a hacker or malicious person exploits this vulnerability, causing real damage."

The barrage of messages would dominate the bandwidth of an Internet connection, making it difficult or impossible for the victim to access the Internet. This is called a distributed denial-of-service attack, because a large number of Web sites attack a single target.

The attack works because most Web forms do not verify the identity of the people -- or automated software agents -- filling them out. But Menczer said there are some simple things Web site managers can do to prevent attacks.

"Often, subscribing to a Web site results in an automatically generated e-mail message asking the subscriber something like, 'Do you want to subscribe to our Web site?'" Menczer said. "We propose that Web forms be written so that the forms do not cause a message to be sent to subscribers at all. Instead, the form would prompt subscribers to send their own e-mails confirming their interest in subscribing. This would prevent the Web site from being abused in a cluster bomb attack."

Menczer was an assistant professor of management sciences at the University of Iowa's Henry B. Tippie College of Business when the study was initiated. Funding for the study came from an National Science Foundation Career Grant and the Center for Discrete Mathematics and Theoretical Computer Science at Rutgers University.


Story Source:

The above story is based on materials provided by Indiana University. Note: Materials may be edited for content and length.


Cite This Page:

Indiana University. "E-mail 'Cluster Bombs' A Disaster Waiting To Happen, Computer Scientists Say." ScienceDaily. ScienceDaily, 11 December 2003. <www.sciencedaily.com/releases/2003/12/031211074430.htm>.
Indiana University. (2003, December 11). E-mail 'Cluster Bombs' A Disaster Waiting To Happen, Computer Scientists Say. ScienceDaily. Retrieved December 19, 2014 from www.sciencedaily.com/releases/2003/12/031211074430.htm
Indiana University. "E-mail 'Cluster Bombs' A Disaster Waiting To Happen, Computer Scientists Say." ScienceDaily. www.sciencedaily.com/releases/2003/12/031211074430.htm (accessed December 19, 2014).

Share This


More From ScienceDaily



More Computers & Math News

Friday, December 19, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Navy Unveils Robot Fish

Navy Unveils Robot Fish

Reuters - Light News Video Online (Dec. 18, 2014) The U.S. Navy unveils an underwater device that mimics the movement of a fish. Tara Cleary reports. Video provided by Reuters
Powered by NewsLook.com
How 2014 Shaped The Future Of The Internet

How 2014 Shaped The Future Of The Internet

Newsy (Dec. 18, 2014) It has been a long, busy year for Net Neutrality. The stage is set for an expected landmark FCC decision sometime in 2015. Video provided by Newsy
Powered by NewsLook.com
White House: Sony Hack a 'serious National Security Matter'

White House: Sony Hack a 'serious National Security Matter'

AFP (Dec. 18, 2014) White House spokesperson Josh Earnest says cyber attacks that ultimately prompted Sony Pictures to scrap the release of a madcap comedy about North Korea are a "serious national security matter." Duration: 00:35 Video provided by AFP
Powered by NewsLook.com
Google Maps Lets You Tour Street View in Virtual Reality

Google Maps Lets You Tour Street View in Virtual Reality

Buzz60 (Dec. 18, 2014) Google Maps now lets Android users see cities on Street View in virtual reality with the special Cardboard feature. Sean Dowling (@Seandowlingtv) has the details. Video provided by Buzz60
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins