Porn Rewards Users To Get Past Anti-Spam Captchas

Stalke writes "Spammers are now usings a new technique to circumvent the 'captchas,' the distorted text in graphics, that users must input to receive the free email account. The spammers have cracked the system by displaying the 'captchas' on free porn sites in real time. Since there are always a large number of people signing up for free porn, they do the work of decripting the 'captchas' which is then replayed back into the spammers program to create a new email account. Who thought that porn could be a hacking technique!" Sure sounds plausible, though the link here says only "someone told me."

Re:Sounds like rubbish

[(trb001)]

OCR aside (you're right, it's far more advanced than most of the 'captchas' I've seen), this would be easy to do. Follow:

1) Person comes to sign up for porn
2) Porn site requests the captcha from the free email provider
3) Porn site presents the captcha to the user
4) User types in the string
5) Porn site presents the string to the free email provider.
6) If email provider accepts, good to go. If not, throw back exception to the user. Goto step 3.

No sessions are being expired here, you have your basic man in the middle attack.

--trb

Re:So they will just get more sophisticated

[PhuCknuT]

The spammers don't have to link to the original image, they can just copy it and serve it from the porn site. If done correctly, the free email server would never see anything out of the ordinary.