Slashdot Mirror


Porn Rewards Users To Get Past Anti-Spam Captchas

Stalke writes "Spammers are now using a new technique to circumvent the 'captchas,' the distorted text in graphics, that users must input to receive the free email account. The spammers have cracked the system by displaying the 'captchas' on free porn sites in real time. Since there are always a large number of people signing up for free porn, they do the work of decrypting the 'captchas' which is then replayed back into the spammers' program to create a new email account. Who thought that porn could be a hacking technique!" Sure sounds plausible, though the link here says only "someone told me."

85 of 420 comments

  1. I am not looking at porn by hetairoi · · Score: 5, Funny

    I'm hacking ..... now go away, what I'm doing in here is private.

    --
    you're all figments of my deranged imagination
    1. Re:I am not looking at porn by Grotus · · Score: 2, Informative

      Here's a little hint, it isn't Slashdot that collapses your two spaces into one, it is your browser, which is following the HTML specification concerning white space.

      Now, the case of <code> elements is different. Although it doesn't say so in the HTML spec, most browsers handle them with white space being preserved.

      --
      "From my cold, dead hands you damn, dirty apes!" - CH
  2. Foundation by millahtime · · Score: 3, Insightful

    Porn, the foundation of the internet. It will never go away or die. It has more uses than we can even imagine.

    1. Re:Foundation by krumms · · Score: 5, Funny

      It has more uses than we can even imagine.

      And several uses that we just don't WANT to imagine :P

    2. Re:Foundation by Gogl · · Score: 4, Funny

      "Porn, the foundation of the internet. It will never go away or die. It has more uses than we can even imagine."

      Agreed. It is an energy field created by all living things. It surrounds us, penetrates us, and binds the galaxy together.

      Hrmm...

    3. Re:Foundation by cartzworth · · Score: 3, Funny

      More like BLINDs the galaxy together.

    4. Re:Foundation by dmayle · · Score: 4, Funny

      It had to be said...

      Imagine a beowulf cluster of porn viewers.

      (Which is basically what this is)

    5. Re:Foundation by chaoticset · · Score: 5, Funny
      "Porn...is there anything it can't do?"

      Sorry.

      --

      -----------------------
      You are what you think.
    6. Re:Foundation by Dyolf+Knip · · Score: 5, Funny
      It surrounds us, penetrates us, and binds the galaxy together.

      Well, one out of three ain't bad.

      --
      Dyolf Knip
  3. Nifty by turbofisk · · Score: 5, Funny

    I'm not for spamming... But if I were a spammer... I would pat myself on my back... Pretty nifty... Bastards!

    1. Re:Nifty by acidtripp101 · · Score: 4, Interesting

      I thought this exact same thing. Every time I see a simple 'solution' to a 'problem' like this, I always have to give the creator credit due to them... I don't care whether it's for the linux kernel or to send me pills for a larger penis, it's still ingenious.

      --
      Not Free(as in beer). Free(as in "I'm free to beat you over the head for being a dumbass")
    2. Re:Nifty by fermion · · Score: 2, Insightful
      We have always said every security system has a crack. We may not be able to think of it. We may not think the crack is cost effective, but the crack exists and will become feasible.

      This is fuckin' brilliant. A pure barter system. A product that has value but many are not willing to pay for. A small service that takes very little time but will create value.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    3. Re:Nifty by kramer2718 · · Score: 5, Interesting

      Sure, give credit, but not to spammers. Manuel Blum, who invented CAPTCHA, came to speak at my school. First, he explained CAPTCHA. Then he explained how to beat it. The idea is called 'stealing cycles'. In his version, the CAPTCHA tests would be part of games rather than porn sites, but the concept is the same.

  4. Re:Easy fix by Cyno01 · · Score: 2, Funny

    Stay away from porn? You're new here, right?

    --
    "Sic Semper Tyrannosaurus Rex."
  5. Proof! by RiscIt · · Score: 5, Funny


    Proof once again that porn (and its usually associated activities... ahem) will NOT make you go blind!

    1. Re:Proof! by Scarblac · · Score: 4, Funny

      Oh yeah? So why do they do it only at the signup page?

      --
      I believe posters are recognized by their sig. So I made one.
  6. Re:Easy fix by millahtime · · Score: 2, Funny

    "Stay away from porn and you don't have to worry about this way of spammers getting your email address."

    Yeah, like that is really going to happen. The internet would crash if that happened. So many internet accounts would be canceled that ISPs would go out of business. It would be the doom of the internet.

  7. Spam spam spam spam SPAAM! by seidleroniman · · Score: 4, Insightful

    What is everyone in the Slashdot crowd gonna do? On one hand you don't want to get spammed, but on the other hand you NEED your pr0n. However, I think this will take care of itself because eventually people will be too busy deleting spam to look at pr0n online, reducing the amount of spam.... Ok, I'm half kidding, but I really do think this is an ingenious way of spammers getting around certain barriers. Say what you will, but spammers have shown/proven that they can overcome many obstacles to continue their spamming.

    1. Re:Spam spam spam spam SPAAM! by routerwhore · · Score: 3, Funny

      I'm sorry, you incorrectly assumed you had two hands free in this exercise to make your point. I believe one of those would be occupied...

    2. Re:Spam spam spam spam SPAAM! by thedillybar · · Score: 5, Insightful
      What are we going to do?

      How about type something other than what's in the box? I seriously doubt you have to sit there waiting while it verifies that what you entered is actually correct. They're probably just assuming most people will type it correctly.

    3. Re:Spam spam spam spam SPAAM! by Zeinfeld · · Score: 3, Interesting
      What are we going to do?

      I think half of us are going to flame on slashdot and the other half will go off to find the web site where you can get the free porn.

      I hate these C/R schemes, they are OK when they are used for mailing lists or for checking signups to Yahoo! mail or some other forum where the intent is to protect ME. I do not accept that they are at all legitimate when the only purpose is to protect some dweeb who thinks he is really important.

      Worst of all are the systems that send out C/R challenges in response to email that was a reply to something that the challenger sent. I get students asking me some question about a Web spec or something else I did. I spend time writing an answer and then get a C/R challenge. Like some student's time is much more important than mine...

      Worst of all are the C/R systems that don't whitelist after the first challenge. Dan Bernstein is the worst offender here, I answered three of his challenges and still get his robot if I make the mistake of replying to one of his mails to me. So I have his robot blacklisted in my email.

      So on balance I am not at all sad that the nuisance of C/R tests looks like it will be soon ended.

      What is worrying though is that the fact such schemes have worked may well mean that hashcash and other CPU payment schemes are not viable either. The senders could run a java component on the porn viewers machine to generate message authentication ids.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    4. Re:Spam spam spam spam SPAAM! by Anonymous Coward · · Score: 5, Insightful

      Why sign up for porn? Damn, isn't there enough available without signing up? It's bad enough that they can match your IP address; why give them registration info too? It's hysterical that a bunch of geeks who won't sign up to read the New York Times will gladly give name, rank, and serial number for porn.

  8. Sounds like rubbish by Snipet · · Score: 3, Insightful

    Two reasons this sounds like rubbish: The catchups are generated on a per session basis for the person trying to sign up for the email address. Surely if they then try and get a third party to do the decoding the session will be expired. Also the article points out that Optical Character Recognition is more than adequate to break this so I can not see a situation that spammers would do this elaborate probably unworkable method over OCR. No facts and a friend of a friend source makes this sound like total BS.

    --
    The internet makes me stupid.
    1. Re:Sounds like rubbish by ellisDtrails · · Score: 2, Funny

      It would not be that hard to use server-side HTTP requests with a scripting language like PHP or "compiled" language like C#/.NET and a Message Queue to accomplish this. Hey, maybe I'll write one of these I am sure the porn people pay more than my shitty company. ellis

    2. Re:Sounds like rubbish by superwiz · · Score: 5, Interesting

      Catchups are constantly designed to be undecodable by OCR. But the porn solution doesn't sound like rubbish at all. It actually sounds quite clever. Here's how it might work:

      1. An automated script tries to sign up for public emails (yahoo, hotmail, etc.).
      2. At some stage during sign up a page with a catchup is "presented" to the script.
      3. The script gets the catchup out of the page and adds it to a pool of catchups to be associated with their perspective words.
      4. At some point, shortly after, a visitor to a porn site is presented with a catchup and enters the correct word. THIS IS, BY THE WAY, A PERFECT WAY TO FOIL SPAMMERS AND TO STILL GET YOUR PORN -- since the porn site doesn't, in fact, know what the catchup is supposed to be and is only using you, enter a wrong one.
      5. The word entered by the user on the porn site is used to submit a reply to the public email system.

      --
      Any guest worker system is indistinguishable from indentured servitude.
    3. Re:Sounds like rubbish by Z-MaxX · · Score: 5, Informative
      Two reasons this sounds like rubbish: The catchups are generated on a per session basis for the person trying to sign up for the email address. Surely if they then try and get a third party to do the decoding the session will be expired.
      Not necessarily. From the writeup:
      by displaying the 'captchas' on free porn sites in real time.
      If you have thousands of visitors every hour, then you only have to wait a few seconds on average to have your image shown to a user and a few more seconds for the user to respond.
      --
      Dr Superlove 300ml. I use my powers for awesome
    4. Re:Sounds like rubbish by Peridriga · · Score: 2, Interesting

      Well.... yes the facts are missing but, I could think of the program logic.

      Load page to harvest captchas
      Save the captchas image to DB
      Maintain open page where captchas was harvested
      Serve captchas to real user on porn site
      Capture real user's response to captchas
      Re-input user's response to the text field on the harvest page
      Voila.

      Still the same session on the harvest page, just multi-tasked the captchas out. A script can maintain a session just like a user can.

      Now... The band-aid (not the fix) comes by accepting all user information first (name, address, etc) then on the next page request the captchas input. Have that page have a cookie timeout of 30 seconds. If the user can't read 7 characters in 30 seconds then redisplay another one. After x number of failures ban for 10 minutes etc...

      Now this fails if the spam harvester has access to enough concurrent hits on his false verifier to maintain the 30 second window but, I'd hope at that point his profit margin has shrunk a great deal more due to the traffic requirements.
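
An added example, not part of the comment above or of any site's real code: a minimal server-side sketch of the band-aid it describes (30-second challenge lifetime, single-use tokens, a ten-minute ban after repeated failures). The class and function names, the failure threshold of 3, counting an expired challenge as a failure, and keying the limits on a client identifier are all assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CHALLENGE_TTL = 30       # seconds allowed to answer, as in the comment
MAX_FAILURES = 3         # the comment's "x"; 3 is an assumed value
BAN_SECONDS = 10 * 60    # ten-minute ban, as in the comment
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # avoids look-alike glyphs


@dataclass
class Challenge:
    answer: str
    issued_at: float
    client: str


class CaptchaGate:
    """Server-side state for one-shot, short-lived CAPTCHA challenges."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._challenges = {}    # token -> Challenge
        self._failures = {}      # client -> consecutive failures
        self._banned_until = {}  # client -> time at which the ban ends

    def banned(self, client):
        return self._banned_until.get(client, 0.0) > self._clock()

    def issue(self, client):
        """Return (token, answer), or None while the client is banned.
        A real site renders `answer` as a distorted image and never sends the text."""
        if self.banned(client):
            return None
        now = self._clock()
        # Drop challenges nobody answered in time so the store cannot grow unbounded.
        self._challenges = {t: c for t, c in self._challenges.items()
                            if now - c.issued_at <= CHALLENGE_TTL}
        token = secrets.token_urlsafe(16)
        answer = "".join(secrets.choice(ALPHABET) for _ in range(7))
        self._challenges[token] = Challenge(answer, now, client)
        return token, answer

    def verify(self, client, token, response):
        """Return 'ok', 'wrong', 'expired', 'unknown' or 'banned'."""
        if self.banned(client):
            return "banned"
        ch = self._challenges.pop(token, None)  # single use: gone after one attempt
        if ch is None or ch.client != client:
            return self._fail(client, "unknown")
        if self._clock() - ch.issued_at > CHALLENGE_TTL:
            return self._fail(client, "expired")
        given = response.strip().upper().encode()
        if not hmac.compare_digest(given, ch.answer.encode()):
            return self._fail(client, "wrong")
        self._failures.pop(client, None)
        return "ok"

    def _fail(self, client, reason):
        count = self._failures.get(client, 0) + 1
        if count >= MAX_FAILURES:
            self._failures.pop(client, None)
            self._banned_until[client] = self._clock() + BAN_SECONDS
        else:
            self._failures[client] = count
        return reason


def demo():
    """Constructed timeline driven by a fake clock; returns each outcome in order."""
    now = [0.0]
    gate = CaptchaGate(clock=lambda: now[0])
    client = "203.0.113.7"  # constructed address from a documentation range
    out = []
    token, answer = gate.issue(client)
    now[0] += 5
    out.append(gate.verify(client, token, answer.lower()))  # answered in time
    out.append(gate.verify(client, token, answer))          # same token replayed
    token, answer = gate.issue(client)
    now[0] += 31
    out.append(gate.verify(client, token, answer))          # past the 30 s window
    token, _ = gate.issue(client)
    out.append(gate.verify(client, token, "nope"))          # third failure: ban starts
    out.append(gate.issue(client))                          # refused while banned
    now[0] += BAN_SECONDS + 1
    out.append(gate.issue(client) is not None)              # ban has lapsed
    return out


if __name__ == "__main__":
    print(demo())
```

As the comment itself says, a correct answer that arrives inside the window is accepted no matter who read the image, so these limits raise the cost of relaying rather than prevent it.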

    5. Re:Sounds like rubbish by Anonymous Coward · · Score: 2, Informative

      'Bot logs into the mail server and attempts to sign up for a new email address. 'Bot receives page showing the imaged text. 'Bot grabs the image and redisplays it on the entry page for the next person accessing the free porn. That person enters the text, which is sent back to the 'bot. This only takes a few seconds if a person signs in to the porn page in the right time frame. If the porn site gets reasonably heavy traffic, one certainly will. If not and the page times out, the 'bot just tirelessly tries it again. Or the 'bot waits until someone tries to access the free porn, gives them an intro page to distract them while it contacts the email server and gets the imaged text. For every person who accesses the porn site, the 'bot gets a new email address.

      OCR may or may not be good enough. However, the whole purpose of the graphics is that the text is obfuscated in such a way that it makes it difficult for OCR but still easy for humans. The article says that which a computer can generate, a computer can often solve. Sometimes perhaps, but certainly not always. For a trivial example, take a photograph and change every pixel in it to black. A computer can do it but another computer can obviously not undo it, as all of the original information is lost. When you blur or otherwise obfuscate text, you're destroying information. The remaining information may be sufficient for a human to understand it, but insufficient for an OCR algorithm. I haven't seen anything reliable which evaluates OCR on captchas, but I know how well OCR does on regular scanned text. It's much better than it used to be but still far from exact.

    6. Re:Sounds like rubbish by (trb001) · · Score: 3, Redundant

      OCR aside (you're right, it's far more advanced than most of the 'captchas' I've seen), this would be easy to do. Follow:

      1) Person comes to sign up for porn
      2) Porn site requests the captcha from the free email provider
      3) Porn site presents the captcha to the user
      4) User types in the string
      5) Porn site presents the string to the free email provider.
      6) If email provider accepts, good to go. If not, throw back exception to the user. Goto step 3.

      No sessions are being expired here, you have your basic man in the middle attack.

      --trb

    7. Re:Sounds like rubbish by JDevers · · Score: 4, Insightful

      Think about the same thing, but in reverse. Have the script run ONLY when someone signs up for the free porn, it automatically connects to the free e-mail provider and the glyph is just transferred to the viewer in truly real time...

    8. Re:Sounds like rubbish by mark-t · · Score: 3, Informative
      Wrong. Here's how it works.

      Porn site gets a visitor.
      The cgi or other executable on the web server's site then starts to sign up for an email account, and caches the graphic that must be decoded.
      The exact same graphic is presented to the porn site visitor.
      The porn visitor decodes the graphic and clicks "Submit"
      The program at the porn site then finishes signing up for an email account by entering the text that the porn visitor entered.
      If the email address is successfully created, the program then permits the user into the restricted area, otherwise entrance is denied and the whole process repeated.

      Yes, these images are generated on a per session basis, but the whole point is that each visitor to a porn site gives the porn sites a new potential email address with which to spam.

      It's actually quite ingenious if you ask me.

    9. Re:Sounds like rubbish by druske · · Score: 4, Insightful

      The porn site wouldn't know what the catchup was supposed to be, but the email signup page would, and if the wrong response was provided, it'd return a page saying so. The porn site could parse that page and reject the user's answer. No valid response, no naughty bits.

      Without any facts to back the story up, I don't know if this is really happening, but it sounds plausible. I wonder if anyone's filed a patent on the method? ;)

    10. Re:Sounds like rubbish by Tim+Macinta · · Score: 4, Interesting
      I have been letting people set up free email accounts at kmfms.com for awhile, and there has been an abnormally large surge in new accounts recently (and the sign-up process does use the distorted letters). These have been junk accounts too. I had a huge number of sign-ups just last night and only 1 person actually came through my site first (the email service is provided by everyone.net, so somebody was evidently going straight there without hitting my site first). Once these junk accounts are created, spammers then send email from their own servers, but with the return address of the junk account. I don't know why they are doing this - I seriously doubt they are checking the accounts, and they aren't actually sending anything from the accounts, but they are doing it nonetheless and I have been getting a lot of complaints recently about spam even though all of the headers indicate that my network and everyone.net's network wasn't involved.

      I have given up at this point and as of today I am switching the email system so that all new users must be paid users. These spammers are like a swarm of locusts consuming everything in their path, and now they have destroyed the free service I had been offering for years. I wish they were in the US so I could pursue legal action.

    11. Re:Sounds like rubbish by Imperator · · Score: 4, Insightful
      THIS IS, BY THE WAY, A PERFECT WAY TO FOIL SPAMMERS AND TO STILL GET YOUR PORN -- since the porn site doesn't, in fact, know what the catchup is supposed to be and is only using you, enter a wrong one.

      Uh, if the spammers are smart, they'll actually use the word you give them to submit the form, and if it doesn't work they'll make you enter another one. Some of them are hiring smart people. Maybe if there weren't so many out-of-work programmers in the world...

      --

      Gates' Law: Every 18 months, the speed of software halves.
    12. Re:Sounds like rubbish by IthnkImParanoid · · Score: 3, Interesting

      I believe what the grandparent was saying is that when you sign up for porn, the bot starts the email account sign up process. There's a short delay (for you) while the bot grabs the glyph and sends it to be displayed on your page. You enter it, then the bot immediately attempts to complete the email account sign up process. If the word is correct, you're given a success page, and if not the bot gives you another glyph to decipher.

      This process won't add much at all to the time it takes to sign up for an email account, so reducing the expiration time won't solve the problem. It only helps if the bot has already started the email account sign up (a long time) before you start the porn sign up process.

      It's quite clever.

      --
      It's nothing but crumpled porno and Ayn Rand.
  9. Easily countered by Yggdrasil42 · · Score: 4, Interesting

    This can be easily countered if the free e-mail sites configure their servers, so that the 'captchas' can only be loaded into pages that they've served themselves.

    I'm not sure how that works, but I've seen it in action on some sites.

    Maybe someone else knows how it's done?

    1. Re:Easily countered by perlionex · · Score: 2, Insightful

      I'm sure it's only loaded into pages they've served themselves. The p0rn sites just grab the image, then display from their own sites to the users directly. When the users send the correct text back to the p0rn site, the site then sends it back to the website. It's actually quite trivial, but ingenious.

    2. Re:Easily countered by Violet+Null · · Score: 5, Informative

      Wouldn't matter.

      Automated spam script goes to sign up new email address, gets presented captcha. Downloads captcha -- as the server would expect any normal web browser to do.

      Captcha is copied to some location. Filename probably contains information that can identify the specific script that's running, since there'll undoubtedly be many going simultaneously.

      From that point, there's about 20 minutes, give or take, for the porn site to display the copy of the captcha and ask for the user's input. On a site seeing any amount of traffic at all, that should be more than enough.

      Once a user has given input, the spam script is notified, and sends the input back to the captcha server. The captcha server never sees the IP address of the human -- it only deals with the spam script -- so it'll never know anything's up.

  10. good or evil by nizo · · Score: 2, Funny

    Now if we could only get spammers to use their ingenuity for good rather than evil, we could solve all of the world's problems.

    1. Re:good or evil by mlush · · Score: 3, Interesting
      Now if we could only get spammers to use their ingenuity for good rather than evil, we could solve all of the world's problems.

      I could see this working for some image recognition problems. To get the next page you have to perform some small task. Salt the tasks with 10% control images for which you know the answer and a finder's fee where you get a week's free access if you find X or do Y work units. Could be used to check surveillance video images ...

  11. Easy fix. by Black+Parrot · · Score: 4, Funny


    For your captcha, use a picture of a really ugly old woman with "click here to see more" written across it, and no one visiting a porn site will help with the decryption.

    --
    Sheesh, evil *and* a jerk. -- Jade
  12. Valid News Sources by akadruid · · Score: 4, Insightful

    Is it just me or are people becoming less critical about what a valid news source is?
    'Someone told me...' on a 'blog'?

    That doesn't carry quite the weight of the BBC and Reuters to me, but I suppose there's a good chance no-one was threatened by a 'democratic' government during the production of the article, so maybe it's less biased than some.

    --
    "Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
    1. Re:Valid News Sources by dabadab · · Score: 2, Insightful

      Well, this posting is not about "news" but more about an interesting idea - an idea's "interesting" factor does not depend on its source.
      It is intriguing and worth thinking about, a lot more than, say, eweek's zero-content article about the wishlist for linux 2.7.

      --
      Real life is overrated.
    2. Re:Valid News Sources by andih8u · · Score: 2, Funny

      I'm sure this is the kind of front page stuff that BBC and Reuters would be reporting.

      "This just in...spammers are apparently using pron sites to help decrypt captchas."

      Some nuts will find a conspiracy in everything.

      --


      slashdot, news for crazed liberal socialist zealots
  13. I've heard of it too by Maskirovka · · Score: 2, Funny

    They like to call the method "many carrots and more sticks".

  14. In related news... by Black+Parrot · · Score: 5, Funny


    A million new Slashdot accounts were added today.

    --
    Sheesh, evil *and* a jerk. -- Jade
  15. Countermeasure... by LinuxParanoid · · Score: 3, Interesting

    If the image ...has been inlined from Yahoo or Hotmail... as the article says, couldn't Yahoo/etc have their image generation scripts set up dynamically to check the referrer (or should I say referer? ;-)).

    I seem to recall this approach being used by online comic strips trying to prevent inline linking from elsewhere...

    --LP

    1. Re:Countermeasure... by Glog · · Score: 2, Insightful

      Referer can be spoofed so that won't work. But it's very easy for a large company like Yahoo (or any company for that matter) to set up its images server as an internal server - i.e. accessible to their *own* web servers alone. However, what's to stop spammers from grabbing the image off the browser cache and literally serving it from there on other pages. I can see how the article has a point unless the images appear on an SSL page which can't be cached. But then again I think you can cache even those.

    2. Re:Countermeasure... by leoboiko · · Score: 4, Insightful

      The referrer field is easily forged.

      --
      Prescriptive grammar:linguistics :: alchemy:chemistry. Stop being a nazi and learn some science.
  16. Re:One thing leads to another by cyb97 · · Score: 4, Informative

    That method is already in use by several sites that get paid by the number of ad-clicks. To make *dead sure* that the patrons click the banners you have to fill in a missing word in a sentence collected from the banner-site or the 3rd word etc to get into the site.

    It's pretty lame, and I guess most ad-agencies frown upon it as the clickers aren't really producing any business..

  17. Technology Review by Anonymous Coward · · Score: 2, Informative

    This was suggested in an old issue of Technology Review

  18. It really is true by The+Night+Watchman · · Score: 5, Funny

    Someone told me once that most technologies that have become successful are those technologies that assist in the dissemination of porn and/or voyeurism. Thinking about it, that's very true. Radio gave way quickly to television, which gave way to cable, and BAM! You get porn. Radio also gave way to the telephone, which gave way to party lines, and BAM! Advances in optics have brought us photography (BAM!), telescopes (BAM!), and eyeglasses (the... the porn is so CLEAR now!), to name a few. Look at the primary achievement of the 90s. The commercialization of the Internet. That's essentially a porn revolution!

    So porn is being used to break encryption. Personally, I feel there can be no other way. Porn will lead us to the greatest achievements of our day, and conversely, all roads lead to porn.

    It's our past, our present, and our future. Embrace it, or be left behind.

    --
    "Every jumbled pile of person has a thinking part that wonders what the part that isn't thinking isn't thinking of"-TMBG
    1. Re:It really is true by whterbt · · Score: 2, Interesting

      Parent was modded funny, but there's an odd truth to this. Consider Burt Rutan's comment that porn will be the driving force behind eliminating business travel. Read it and you'll understand :).

      --
      Too late to be known as Bush the First, he's sure to be known as Bush the Worst.
    2. Re:It really is true by glesga_kiss · · Score: 2, Interesting
      There is more to what you point at. Porn is the driving force behind technology. Or, at the very least it is one of the early adopters.

      Another reply mentioned the printing press; when it was invented we started dirty books. Coincidentally, there was a link to some olde style smut on BoingBoing (Cory's blog) the other day.

      It goes back further. Since we started drawing on cave walls, we've been drawing titties and dicks. Ditto sculpture and art. Sex lines, late night porn on TV, erotism has always been the centre. Even the first movies that most folk saw ("What the butler saw") were smut. At least it's better than then running away from a celluloid train, however with this demo they might want to rush the stage instead!!

      I can't remember where I read this; think it was a sig in the last week or so:

      "If you took all the porn of the internet, there would only be one page left; BringBackThePorn.com"

  19. Make it copyrighted by sabri · · Score: 2, Insightful

    This is a challenge for the HABEAS idea (HABEAS uses a copyrighted poem to sue spammers who send spam). The pornspammers are quite obviously circumventing a security-measure. Based on the sending-IP address, aol/hotmail etc should be able to do some suing.

    --
    I'm not a complete idiot... Some parts are missing.
    1. Re:Make it copyrighted by marcello_dl · · Score: 2, Interesting

      That's what I had in mind, too.

      It would suffice to trademark a logo which would be added to the other generated random letters of the captcha. That would render ocr recognition harder, too.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
  20. Computer Program by UPAAntilles · · Score: 4, Interesting

    The computer science department at Berkeley has already broken the Yahoo-like Captcha. They use an algorithm to break it. They recommend "Gimpy" as a replacement, which their software has yet to crack. The blog is full of crap, the captcha is generated every session, so you can't make a link to the image like they would like because the session would end.

    1. Re:Computer Program by wedg · · Score: 4, Informative

      No. It's quite simple. You get the HTML (open a session), and instead of retrieving the image for the Captcha right away, you wait until someone's signing up for free porn (a few nanoseconds), then show *them* the inline image, which only needs to be loaded once in this case, they enter the code, which your script sends back as the form reply.

      I wish I'd thought of it first, I could've patented it. Or maybe someone should, so the spammers can't use it.

      --
      Jake
      Dating: while( 1 ){ call_girl(); get_rejected(); drink_40(); } return 0;
  21. Holy crap by osgeek · · Score: 5, Funny

    They've harnessed the power of horniness, but for evil. If only that unlimited power could be harnessed for good -- it would be like having controllable fusion and all of the heavy water we'd ever need.

    Amazingly clever, those evil spamming bastards.

    1. Re:Holy crap by fuzzybunny · · Score: 2, Funny

      Well, no, you're missing the point--the people who would be generating all the energy from porn, let's just say that part of the reason this happens is that "fusion" doesn't enter anywhere into the picture.

      And as for "heavy water", well, it may be heavy and liquid, but water it ain't...

      --
      Cole's Law: Thinly sliced cabbage
  22. From an insider... by Mazzie · · Score: 2, Interesting

    I can tell you that 99% of the illegal or 'gray area' activities like SPAM that go on in the online porn community are likely performed by less than 1% of the companies.

    A vast majority of operators I speak with are firmly against SPAM because it simply doesn't result in profit. For one, customers who join up as a result of SPAM result in a much higher chargeback rate on credit card purchases, and in general being on the receiving end of traffic from SPAM is more than a nightmare dealing with 1000s of pissed off system admins.

    Also, porn site operators want to maintain legitimate mailing lists to keep their customers informed, but that is now a pipe dream, as even customer support is difficult over e-mail because much of it gets caught up in SPAM filters.

    Personally I won't do contract work for any porn company that uses SPAM because those are the ones that usually try to beat me out of a check. Also, they are the least likely to be around in 6 months, because most of them go under very quickly. In addition, I get sick of moving apps from host to host to host as they routinely get booted for sending, or being associated with SPAM.

    --
    Having a bookmark to Google does not make you an expert on everything.
  23. Valid News sources... on a blog. by LinuxParanoid · · Score: 4, Insightful

    You're right. But. A) you're repeating what the editor already said, and B) you are overstating your case a bit for the following reasons:

    In fairness, the poster on the blog was Cory Doctorow, who is a long time, well-known net-citizen and isn't exactly some random guy, although you may not know him. For a sample of his work, see this piece in Salon which mentions that he won the John W. Campbell Award for best new science fiction writer at the 2000 Hugo Awards. He's not a journalist, he's a blogger, but it's an interesting tidbit nonetheless...

    And even if he was a random blogger, his credentials are much less important than the core concept he's disclosing: that someone seeking to generate email accounts (or open bank accounts or whatever) could have porn-seeking humans work around the turing-ish test security measures. The story is less that someone is doing it, than that someone could be doing it. At least to me.

    Plus this is a hacker-type story... I wouldn't expect Reuters, etc. to carry it first.

    I actually was glad to see the Slashdot editor point out the "someone told me" caveat... it's a sign to me that the editors here are getting better. They're warning us about the weaknesses in the story, not just slapping stuff up here without a care.

    --LP

    1. Re:Valid News sources... on a blog. by akadruid · · Score: 2, Interesting

      Nice post...
      You're right, the concept is interesting, I was just playing Devil's Advocate with the concept of 'news' - the idea that the moon landings were faked is an interesting concept, but not 'news' as such.
      'Sides, it was an attempt at the ever elusive concept of irony. On a day when the BBC is buying ads to its coverage of the Dr Kelly case, the traditional media is on a back foot against a prominent blogger - 'news' is a concept worth a little exploration today.

      --
      "Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
  24. Someone asked for a real example of this... by johnthorensen · · Score: 3, Funny

    Well I don't have an example of the page, but I do happen to have one of the captcha tests they were using... :)

    Click here to decode pr0n captcha

    -JT

  25. Countermeasure: URL in Image by G4from128k · · Score: 3, Interesting

    If the captcha contained a background of additional instructions such as "To get your free account, please type in www.free-email.com/username/captchawords", then it would prevent the porn site/ spammer from seeing the results.

    --
    Two wrongs don't make a right, but three lefts do.
  26. Ok new "captcha" test... by tekiegreg · · Score: 4, Insightful

    Rather than guess a single image, how about a feature on the page at random? For example Yahoo Mail can ask "What is the menu to the immediate right of Addresses?" (which according to my Yahoo Mail screen would be "Calendar"), or even "What company is the banner ad up top advertising?", which serves 2 purposes: 1) Captcha Test and 2) Ensuring the advertising is looked at :-)

    Unless a Spammer plans on building a porno site exactly like Yahoo (and incur the wrath of a zillion lawyers consequently), this would be a difficult one to counter attack (unless someone here could prove otherwise). Thoughts?

    --
    ...in bed
  27. Who registers for porn? by ClosedGL · · Score: 2, Funny

    I've never understood people that pay or subscribe for porn. There is simply no need. The air outside isn't really that dirty. The creepy crawlies will not bite you. You cannot get infected by talking to other people. Girls don't generally mind any of the Linux t-shirts (apart from the "I WANT TO ROOT YOU" shirts, but then, that is a scary thought). I appreciate the hands-on people of the world *arf*, but if you're the stereotypical geek whose girlfriend's surname is MPG, try looking around, it really isn't hard to find. I'd list some sites to check first, but I'm not ready for the 'Informative' score! Obviously, I've never looked for porn before, I'm just assuming...

  28. Copyrights are a good thing here! by earthforce_1 · · Score: 2, Insightful

    All they have to do is copyright the captcha image, and sue the pants off anybody who uses it without permission.

    Any lawyers want to comment on this?

    --
    My rights don't need management.
  29. Wow by Illserve · · Score: 3, Interesting

    That's genius. Much as I hate spammers, I have to admire this very clever solution.

  30. The feeder bar approach by ericspinder · · Score: 4, Funny
    Do a little work, get a little porn.

    "Hey, I'm only seeing ugly people having sex!, guess I have to step up the quality of my work"

    --
    The grass is only greener, if you don't take care of your own lawn.
  31. just added captcha by jqh1 · · Score: 4, Interesting

    We *just* added captcha functionality at spamgourmet but we're using a random number at the end of each quizword, and we use a random filename for each image. The code just went up on sourceforge if you want to take a look.

    --
    who's moderating the meta-moderators?
  32. It's really true, I've seen them by mst76 · · Score: 2, Funny

    Yes, I've seen hundreds of these 'captchas' in the last weeks when I was surfing, ..., uhm, ah, well, never mind.

  33. Old news and incorrect data by shaftek · · Score: 5, Informative

    This is ancient news, it has been mentioned by me on the ASRG list in November and on my blog. The original news article was published by the Post Gazette, and found by Matt McCay in his blog. Liudvikas Bukys mentioned it in his blog also. You might also want to take a look at the W3C draft on why these visual tests do not work for disabled people. And to end this off, the basic premise of C/R is that the return address is valid. Even if spammers break these visual tests, in order to do that, they must have a valid return address - ergo, making them traceable.

    1. Re:Old news and incorrect data by po8 · · Score: 2, Interesting

      And to end this off, the basic premise of C/R is that the return address is valid. Even if spammers break these visual tests, in order to do that, they must have a valid return address - ergo, making them traceable.

      But why do "captcha"-style visual puzzles, then? If your big concern is traceability, it seems that any old challenge/response, including a 3 digit ASCII number, would do.

      IMHO the news here is that the visual puzzles don't add anything for a clever and determined adversary. It's apparently old news to you, but I hadn't heard of this technique until now; I find it fascinating and am glad the /. editors passed it on.

  34. Sounds patentable by jmcharry · · Score: 2, Funny

    I wonder if they have filed for a patent?

  35. Re:Why not... by eklipz19 · · Score: 2, Interesting
    Having worked for an entreporneur, I can tell you what the point would be. It's all well and good to get access to free email accounts, but, as has been said, that's more or less pointless.

    What is useful, however, is signing up for free webspace. That's the holy grail of porn sites, an unlimited supply of websites all pointing back to your main page. Good for search engine rank, dontcha know?

    When I did some programming for a gentleman who served up porn sites, it was my task to give him a script that would go to Geocities, create an account, and then FTP up a small site with tons of links back to his main site. It would track the account name and password (randomly generated) and parse the URL of the site into a list, which he then used for...something.

    Shortly thereafter (read: Next Day) Geocities put up a captcha for the signup. Related? Perhaps, perhaps not, but I do know that over multiple T1 connections, he created over 5,000 sites overnight on the 8 hours of running the script.

    Something to think about.

  36. I'm afraid I disagree by fejikso · · Score: 5, Insightful

    I thought that's why there's something called ethics, which tells you when an ingenious thing may be good or bad.

    IMHO, you can't applaud unethical uses of ingenuity.

  37. challenge/response system is good idea by Matt+Ownby · · Score: 2, Insightful

    A well designed challenge/response system won't challenge those people to whom the user has already sent email. I think nuisances like you have mentioned are temporary and will be refined in the future as spam becomes a greater problem (and it will).

    I use a challenge/response system myself for my email and it certainly has nothing to do with me thinking I am really important or that my time is worth more than yours. It is all about me being totally sick of spam and being willing to take extreme measures to stop it.

    All of my friends are already on my whitelist (or get on it quickly enough) and have forgotten that I ever had a challenge/response system in place. It really is not a nuisance at all to anyone who communicates with me on a regular basis.
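
The whitelist-first challenge/response flow described in the comment above, as an added example that is not part of the original post or any poster's code. The class and method names are hypothetical, and the HMAC-signed token is an assumption about how a challenge could be bound to the sender's return address.

```python
import hashlib
import hmac
import secrets


class ChallengeResponseGate:
    """Inbound mail gate: known correspondents pass, unknown senders are challenged."""

    def __init__(self, secret=None):
        self.secret = secret or secrets.token_bytes(32)
        self.whitelist = set()   # normalized addresses that are never challenged
        self.held = {}           # token -> (sender, message) awaiting a reply

    @staticmethod
    def _norm(addr):
        return addr.strip().lower()

    def record_outgoing(self, recipient):
        # Anyone the user has already written to is trusted automatically.
        self.whitelist.add(self._norm(recipient))

    def _token(self, sender, nonce):
        # The MAC covers the sender, so a token only works from that address.
        mac = hmac.new(self.secret, f"{sender}|{nonce}".encode(), hashlib.sha256)
        return f"{nonce}.{mac.hexdigest()}"

    def receive(self, sender, message):
        sender = self._norm(sender)
        if sender in self.whitelist:
            return ("deliver", None)
        token = self._token(sender, secrets.token_hex(8))
        self.held[token] = (sender, message)
        return ("challenge", token)   # token is mailed to the return address

    def confirm(self, sender, token):
        sender = self._norm(sender)
        nonce = token.partition(".")[0]
        expected = self._token(sender, nonce)
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return None               # forged token or wrong sender
        if token not in self.held:
            return None               # already used or never issued
        _, message = self.held.pop(token)
        self.whitelist.add(sender)    # one successful reply, no more challenges
        return message
```

Because the challenge only reaches a working return address, a sender with a forged address never sees the token and the held message is never released.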

  38. The Meatrixator by Doc+Ruby · · Score: 2, Funny

    This brilliant design is the frontier of human/computer interaction. It creates a P2P network of human brains to crack an intractably compute-intensive problem. We are now in the nascent Matrix, as it feeds off our organic energy. It's only a matter of time before CaptchaNet becomes self-aware. At least it has a use for us - we'll make great pets.

    --
    make install -not war

  39. Outsourcing by Anonymous Coward · · Score: 3, Funny

    I expect that soon all porn viewing jobs will be outsourced to India.

  40. distributed.net for human brains by Sloppy · · Score: 2, Funny

    Using the 'net to harness human cognition instead of computers' clock cycles? I am impressed.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  41. Hmm.. this could open a new world for Open Source by donutello · · Score: 2, Funny

    We can work around IBM's patent if we come up with a way to pay Open Source developers with porn.

    Submit a patch and you'll be rewarded with 5 minutes of unlimited access.

    --
    Mmmm.. Donuts
  42. So, the people are being used as coprocessors? by Phat_Tony · · Score: 2, Funny

    So, the computer has a task the CPU is poor at performing, so they offload that procedure to specialized "wetware" that's more efficient at handling that kind of processing. The people are being used like FPU's or GPU's. Paid in porn, instead of run on electricity.

    How'd you like to have a job as a coprocessor? Is this the computer-age version of dehumanizing assembly line drones- soon people will sit in front of computers all day long handling the offloaded processing tasks computers are poor at handling?

    Come to think of it, this is already going on a lot. Computers process all the transactions at most companies, but they have certain "flags" they catch that offload certain transactions-ones that are exceptional for some reason (complex, may involve fraud, etc)- for people to handle personally. I just hadn't thought of people as coprocessing drones handling certain exceptions a computer program comes across and offloads for biological processing.

    The matrix won't happen all at once with a war. It will creep up on us so we hardly notice it. We won't be subjugated, we'll volunteer.

    -Phat Tony

    --
    Can anyone tell me how to set my sig on Slashdot?
  43. Captchas can only prove human-ness by AnotherBlackHat · · Score: 3, Insightful

    It's a clever idea (even if nobody has actually done it yet) but I think Captchas will always be ahead in the arms race.

    Cut and paste my Captchas? Ok, I'll embed it in a java program.
    Screen capture? I'll make it dependent on the web-site you're visiting.
    (which of these objects starts with the same letter as the third letter of my website?)

    In the end though, the best a captcha can do is prove there's a human somewhere in the loop.
    A spammer (or anyone else for that matter) could hire real people to answer them.
    Automate the non-captcha part of the signup, and you could generate several hundred accounts per hour.

    -- this is not a .sig

  44. put your trademark in your captchas by marvinglenn · · Score: 2, Insightful

    It's not a complete fix, but making your 'captchas' larger and putting your trademark and website identity inside the 'captchas' would make it pretty obvious if anyone is doing this to you. The text to echo back should be at a random location in the image, so the spammer cannot crop it in an automated fashion. Also, a URL in the image to report to if it's seen on a site where it's not expected would be good.

    --
    The whores get mad when the sluts give it away for free.