Featured Research

from universities, journals, and other organizations

E-mail 'Cluster Bombs' A Disaster Waiting To Happen, Computer Scientists Say

Date:
December 11, 2003
Source:
Indiana University
Summary:
Internet users can be blind-sided by e-mail "cluster bombs" that inundate their inboxes with hundreds or thousands of messages in a short period of time, thereby paralyzing the users' online activities, according to a new report by researchers at Indiana University Bloomington and RSA Laboratories in Bedford, Mass.

BLOOMINGTON, Ind. -- Internet users can be blind-sided by e-mail "cluster bombs" that inundate their inboxes with hundreds or thousands of messages in a short period of time, thereby paralyzing the users' online activities, according to a new report by researchers at Indiana University Bloomington and RSA Laboratories in Bedford, Mass.

IUB computer scientist Filippo Menczer and RSA Laboratories Principal Research Scientist Markus Jakobsson describe in the December 2003 issue of ;login: a weakness in Web sites that makes the e-mail cluster bombs possible. A miscreant could, the authors say, pose as the victim and fill out Web site forms, such as those used to subscribe to a mailing list, using the victim's own e-mail address.

One or two automated messages would hardly overload an e-mail inbox. But Menczer, associate professor of informatics and computer science, said special software called agents, web-crawlers and scripts can be used by the bomber to fill in thousands of forms almost simultaneously, resulting in a "cluster bomb" of unwanted automatic reply e-mail messages to the victim. The attack can also target a victim's cell phone with a sudden, large volume of SMS (short message service) messages.

"This is a potential danger but also a problem that is easy to fix," Menczer said. "We wanted to let people know how to correct the problem before a hacker or malicious person exploits this vulnerability, causing real damage."

The barrage of messages would dominate the bandwidth of an Internet connection, making it difficult or impossible for the victim to access the Internet. This is called a distributed denial-of-service attack, because a large number of Web sites attack a single target.

The attack works because most Web forms do not verify the identity of the people -- or automated software agents -- filling them out. But Menczer said there are some simple things Web site managers can do to prevent attacks.

"Often, subscribing to a Web site results in an automatically generated e-mail message asking the subscriber something like, 'Do you want to subscribe to our Web site?'" Menczer said. "We propose that Web forms be written so that the forms do not cause a message to be sent to subscribers at all. Instead, the form would prompt subscribers to send their own e-mails confirming their interest in subscribing. This would prevent the Web site from being abused in a cluster bomb attack."

Menczer was an assistant professor of management sciences at the University of Iowa's Henry B. Tippie College of Business when the study was initiated. Funding for the study came from an National Science Foundation Career Grant and the Center for Discrete Mathematics and Theoretical Computer Science at Rutgers University.


Story Source:

The above story is based on materials provided by Indiana University. Note: Materials may be edited for content and length.


Cite This Page:

Indiana University. "E-mail 'Cluster Bombs' A Disaster Waiting To Happen, Computer Scientists Say." ScienceDaily. ScienceDaily, 11 December 2003. <www.sciencedaily.com/releases/2003/12/031211074430.htm>.
Indiana University. (2003, December 11). E-mail 'Cluster Bombs' A Disaster Waiting To Happen, Computer Scientists Say. ScienceDaily. Retrieved April 24, 2014 from www.sciencedaily.com/releases/2003/12/031211074430.htm
Indiana University. "E-mail 'Cluster Bombs' A Disaster Waiting To Happen, Computer Scientists Say." ScienceDaily. www.sciencedaily.com/releases/2003/12/031211074430.htm (accessed April 24, 2014).

Share This



More Computers & Math News

Thursday, April 24, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Monkeys Are Better At Math Than We Thought, Study Shows

Monkeys Are Better At Math Than We Thought, Study Shows

Newsy (Apr. 23, 2014) A Harvard University study suggests monkeys can use symbols to perform basic math calculations. Video provided by Newsy
Powered by NewsLook.com
High Court to Hear Dispute of TV Over Internet

High Court to Hear Dispute of TV Over Internet

AP (Apr. 22, 2014) The future of Aereo, an online service that provides over-the-air TV channels, hinges on a battle with broadcasters that goes before the U.S. Supreme Court on Tuesday. (April 22) Video provided by AP
Powered by NewsLook.com
Aereo Takes on Broadcast TV Titans in Supreme Court Today

Aereo Takes on Broadcast TV Titans in Supreme Court Today

TheStreet (Apr. 22, 2014) Aereo heads to the Supreme Court today to fight for its right to stream broadcast TV over the Internet -- against broadcasters who say the start-up infringes upon copyright law. TheStreet Deputy Managing Editor Leon Lazaroff explains the importance of the case in the TV industry and details what the outcome of it could mean for broadcasters and for cloud storage services -- as Aereo allows its subscribers to not just watch live TV shows but also store content to a DVR in the cloud. Video provided by TheStreet
Powered by NewsLook.com
Lytro Introduces 'Illum,' A Professional Light-Field Camera

Lytro Introduces 'Illum,' A Professional Light-Field Camera

Newsy (Apr. 22, 2014) The light-field photography engineers at Lytro unveiled their next innovation: a professional DSLR-like camera called "Illum." Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins