Slashdot Mirror


Understanding How CAPTCHA Is Broken

An anonymous reader writes "Websense Security Labs explains the spammer Anti-CAPTCHA operations and mass-mailing strategies. Apparently spammers are using a combination of different tactics — proper email accounts, visual social engineering, and fast-flux — representing a strategy, explains their resident CAPTCHA expert. It is evident that spammers are working towards defeating anti-spam filters with their tactics."

2 of 148 comments

  1. Re:Animated CAPTCHAs? by Anonymous Coward · Score: 5, Interesting

    Animated captchas exist and are used but not too often. The only example I can think of is: https://www.e-gold.com/acct/login.html

  2. A more practical approach - 3 grades of service by davidwr · Score: 5, Interesting

    I'd prefer 2, or better yet, 3 grades of service:

    * verified user, someone using a credit card or providing some other ID that, if faked, can be prosecuted criminally
    * established regular user, a person with a reasonably long and regular history, say, at least 10 logins a month, at least 10 outbound messages a month, and at least 10 inbound messages a month, for 3 of the past 6 months, and a minimal history of complaints.
    * other - anyone else

    On outbound messages, include a tag that the recipient's mail provider can use as part of its trust-assessment.

    The "minimal history of complaints" is a potential problem due to false allegations and joe-jobbing.

    Lack of ID could be a problem for users from countries whose IDs are not deemed trustworthy. If I give Yahoo my Nigerian passport number....

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.