Slashdot Mirror

← Back to Stories (view on slashdot.org)

Understanding How CAPTCHA Is Broken

Posted by ryuzaki0 on from the stuff-to-think-about dept.

An anonymous reader writes "Websense Security Labs explains the spammer Anti-CAPTCHA operations and mass-mailing strategies. Apparently spammers are using combination of different tactics — proper email accounts, visual social engineering, and fast-flux — representing a strategy, explains their resident CAPTCHA expert. It is evident that spammers are working towards defeating anti-spam filters with their tactics."

10 of 148 comments (clear)

  1. This article is an advertisement by Omnifarious · · Score: 5, Insightful

    This article links to what is basically an infomercial. What it links to is filled with pictures and seeming explanations, but it's written in scare-mongering language and not written with an eye towards the reader understanding it. It as an advertisement telling you that Websense is a fantastic company because they understand all this terribly scary stuff and already have the technology to defeat it for you.

    --
    Need a Python, C++, Unix, Linux develop
    1. Re:This article is an advertisement by Omnifarious · · Score: 3, Insightful

      It would be really nice if people would tag articles like this with 'slashvertisement'. :-)

      --
      Need a Python, C++, Unix, Linux develop
  2. Re:Really? by SUB7IME · · Score: 4, Insightful

    Because people like me would never, ever use their service under those conditions?

  3. Why are we so helpless? by Chemisor · · Score: 3, Insightful

    It ought to be obvious to everyone that spam is a property violation crime. Putting unrequested email in my account is the same as dumping used tires on my front lawn. Sure I have an address, but that doesn't mean I want just anyone to deliver anything to it without my permission. Why aren't we making this explicitly illegal, just like dumping and vandalism already are? Why are we putting up with these people?

    1. Re:Why are we so helpless? by gsgriffin · · Score: 3, Insightful

      Unfortunately, it is not that simple. Your analogy is not correct. Email is more like snail-mail. And yes, anyone can send email to your mailbox via snail-mail and not go to jail. The difference is that snail-mail costs them something. The real solution is to get all the stupid people off the web that actually make purchases from companies that they received a spam email from. They keep spammers continuing to spam. If the idiot purchaser got off the web, the spam would quickly dry up. Ultimately, this battle will never end...there will always be idoits that can get on the web.

      --
      jsut athnoer menagiensls ltitle psrhae for you to dcoede. Why do we wtsae our tmie dnoig tihs?
    2. Re:Why are we so helpless? by Anonymous Coward · · Score: 3, Insightful

      No it's not obvious.

      How on earth would you actually request each individual email you want to receive? Fax your dad and tell him he's authorized to send you an email detailing his vacation cruise? Have people call you up, where you give them an ID number that must be in the subject line?

      Even if you went as far as white-listing email addresses (which you actually can do now) you'd miss out when your buddy gave your email to someone who was looking to offer you a job at twice your current salary, or that girl who really dug you at that party.

      I don't see how you could propose a law that requires permission to send an email without destroying most of email's practical benefits as well.

  4. Re:A more practical approach - 3 grades of service by Anonymous Coward · · Score: 5, Insightful

    * verified user, someone using a credit card or providing some other ID that, if faked, can be prosecuted criminally This is a good idea, since spammers and other criminals don't have access to a large number of credit card numbers.
  5. Re:I guess I've gotten used to it by Fred_A · · Score: 3, Insightful

    Most Americans pay $.10 per message, incoming or outgoing. There, fixed that for you. It's quite unheard of here in Germany. Or in any country with a mature wireless industry for that matter.
    --

    May contain traces of nut.
    Made from the freshest electrons.
  6. Re:I guess I've gotten used to it by dargaud · · Score: 3, Insightful

    As far as I know, the US is the only country where the SMS receiver pays up, which seems absurd to anybody else. Anyone cares to enlighten me as to the reason for that ?!?

    --
    Non-Linux Penguins ?
  7. Re:Really? by SUB7IME · · Score: 3, Insightful

    No, I'm worried about a world in which I have to divulge my social security number to private corporations online to partake in services that should never require such information.

    Would I give a bank my SS#? Sure.
    Would I give my SS# to Yahoo? Not as long as there are other places where I can get free email and play fantasy sports.