Slashdot Mirror


Fallout From the Fall of CAPTCHAs

An anonymous reader recommends Computerworld's look at the rise and fall of CAPTCHAs, and at some of the ways bad guys are leveraging broken CAPTCHAs to ply their evil trade. "CAPTCHA used to be an easy and useful way for Web administrators to authenticate users. Now it's an easy and useful way for malware authors and spammers to do their dirty work. By January 2008, Yahoo Mail's CAPTCHA had been cracked. Gmail was ripped open soon thereafter. Hotmail's top got popped in April. And then things got bad. There are now programs available online (no, we will not tell you where) that automate CAPTCHA attacks. You don't need to have any cracking skills. All you need is a desire to spread spam, make anonymous online attacks against your enemies, propagate malware or, in general, be an online jerk. And it's not just free e-mail sites that can be made to suffer..."

24 of 413 comments

  1. or Windows Specific. by twitter · · Score: 0, Funny

    There is irony, force people to use the platform that's responsible for botnets in the first place.

    --

    Friends don't help friends install M$ junk.

    1. Re:or Windows Specific. by Anonymous Coward · · Score: 0, Funny

      Fun fact, by replying to all his posts to call him an idiot you drastically increase his exposure. Ever hear of "don't feed the trolls"?

      Fun fact: by replying to all his posts to call him an idiot you drastically increase his exposure. Ever hear of "don't feed the trolls"?

      Fun fact: by replying to all his posts to call him an idiot you drastically increase his exposure. Ever hear of "don't feed the trolls"?

      Fun fact: by replying to all his posts to call him an idiot you drastically increase his exposure. Ever hear of "don't feed the trolls"?

    2. Re:or Windows Specific. by Deagol · · Score: 2, Funny

      Now, now gents... No more of this alt.cascade shit -- USENET is dead, remember?

  2. Re:Automate CAPTCHA attacks? by Anonymous Coward · · Score: 2, Funny

    I'm wrong

    Fixed.

  3. Re:Anyone using specialised tests? by jim.hansson · · Score: 3, Funny

    Then you write a little program that will show nude pictures if users identify pictures for you. Do not underestimate the lengths some people will go to for seeing mostly skin.

    --
    preview button, my computer doesn't have any preview button
  4. Re:Anyone using specialised tests? by AndGodSed · · Score: 3, Funny

    No.

    You see there is an ongoing war against the postmasters by the webmasters. I am a postmaster, and I get roughly 300ish spam mails per site.

    And the webmasters sit and chuckle. Bastards, they could make it stop!

    But they don't... animals...

  5. Re:Mix it up a bit? by jandrese · · Score: 5, Funny

    I can't wait until someone's daughter tries to make an account on Barbie's Horse Talk website and is presented with the following CAPTCHA:

    Prove that a 3-manifold space has the additional property that each loop in the space can be continuously tightened to a point then it is just a three-dimensional sphere.

    --

    I read the internet for the articles.
  6. turing test by Anonymous Coward · · Score: 4, Funny

    The first thing to actually pass the Turing test will probably be a spam-bot. Isn't that disgusting?

  7. Re:I wonder.. by Illbay · · Score: 2, Funny

    Nyet, but haf you conzidered ze amazing affordability uff zer timezhare at Lake Baikal? Operatorz iz schtanding by!

    --
    Any technology distinguishable from magic is insufficiently advanced.
  8. The Irony by techsoldaten · · Score: 4, Funny

    The irony about this is that a CAPTCHA is a Turing test, a form of authentication designed to prove that a human is making the request. Given that some CAPTCHAs are rapidly becoming too hard for people to read, the outcomes of the tests are reversed - humans cannot win the test, only computers.

    I have CAPTCHAs on my blog, but only deny posters who actually fill them in. Goes a long way to deterring spammers.

    M

  9. Re:Mix it up a bit? by QuantumRiff · · Score: 3, Funny

    You just eliminated one third of the US population from accessing your site..  Sad, isn't it.
    Now if you had said,
    What color of hair does the 3rd girl on the right have,
    A: green
    B: brown
    C: Blond
    D: I drive a ferrari, I don't care about hair color!
    you would only eliminate about one eighth

    --

    What are we going to do tonight Brain?
  10. Re:fall of open email by TheLostSamurai · · Score: 5, Funny

    it is no wonder that the "under 25" crowd now says "myspace me" or "facebook me" and no longer use email. why would they?

    Whatever happened to giving someone your phone number and actually talking to them. I asked a girl for her number the other night and she gave me her myspace address. Thanks, but no thanks. At least make the effort and give me a fake phone number if you don't ever really want to talk to me again.

    --
    I am Jack's complete lack of surprise.
  11. Re:Anyone using specialised tests? by Ortega-Starfire · · Score: 2, Funny

    Obviously the solution is to make porn free so that this is no longer an incentive. Obviously also this means that the government should subsidize it.

    --
    ---- Liquid was a patriot ----
  12. Make Them Write by linuxpyro · · Score: 4, Funny

    I've toyed with the idea of making users write a 500 word essay on a random topic. I would then send this to my high school English teacher, and if it got maybe a B or above I would consider it legit.

    --
    Saying "I'll probably get modded down for this" in a post is the best way to get it modded up.
  13. HOW DO YOU FEEL? __ by stupidflanders · · Score: 2, Funny
  14. Re:Anyone using specialised tests? by Beardo the Bearded · · Score: 2, Funny

    down
    saturday
    ten
    e
    two
    the

    Now your captcha system has been completely broken by my bots.

    Buy some Viagra! she screamed, as the thorny wisps of french looked upon dog. Finally, she embarked, with implacable wit.

    --

    ---
    ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  15. Re:A dumb question: by Kingrames · · Score: 5, Funny

    How come /. is so spam free?

    You must be new here.

    and blind.

    --
    If you can read this, I forgot to post anonymously.
  16. Re:Mix it up a bit? by beta21 · · Score: 3, Funny

    I can't wait until someone's daughter tries to make an account on Barbie's Horse Talk website and is presented with the following CAPTCHA:

    Prove that a 3-manifold space has the additional property that each loop in the space can be continuously tightened to a point then it is just a three-dimensional sphere.

    So that's why Grigori Perelman decided to solve that CAPTCHA.

  17. Re:Mix it up a bit? by Von Helmet · · Score: 2, Funny

    Image recognition fails on two counts - perception and natural language. One man's ginger is another man's strawberry blonde, and if you've ever looked at women's hair dye you'll know that they have about 50 billion words for "brown".

  18. Time for the form... by fanha · · Score: 1, Funny

    your post advocates a

    (X) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. your idea will not work. here is why it won't work. (one or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) spammers can easily use it to harvest email addresses
    ( ) mailing lists and other legitimate email uses would be affected
    (X) no one will be able to find the guy or collect the money
    (X) it is defenseless against brute force attacks
    (X) it will stop spam for two weeks and then we'll be stuck with it
    ( ) users of email will not put up with it
    ( ) microsoft will not put up with it
    ( ) the police will not put up with it
    ( ) requires too much cooperation from spammers
    ( ) requires immediate total cooperation from everybody at once
    ( ) many email users cannot afford to lose business or alienate potential employers
    (X) spammers don't care about invalid addresses in their lists
    ( ) anyone could anonymously destroy anyone else's career or business

    specifically, your plan fails to account for

    ( ) laws expressly prohibiting it
    ( ) lack of centrally controlling authority for email
    ( ) open relays in foreign countries
    ( ) ease of searching tiny alphanumeric address space of all email addresses
    ( ) asshats
    ( ) jurisdictional problems
    ( ) unpopularity of weird new taxes
    ( ) public reluctance to accept weird new forms of money
    ( ) huge existing software investment in smtp
    ( ) susceptibility of protocols other than smtp to attack
    ( ) willingness of users to install os patches received by email
    (X) armies of worm riddled broadband-connected windows boxes
    (X) eternal arms race involved in all filtering approaches
    (X) extreme profitability of spam
    ( ) joe jobs and/or identity theft
    ( ) technically illiterate politicians
    ( ) extreme stupidity on the part of people who do business with spammers
    ( ) dishonesty on the part of spammers themselves
    ( ) bandwidth costs that are unaffected by client filtering
    ( ) outlook

    and the following philosophical objections may also apply:

    (X) ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) any scheme based on opt-out is unacceptable
    ( ) smtp headers should not be the subject of legislation
    ( ) blacklists suck
    ( ) whitelists suck
    ( ) we should be able to talk about viagra without being censored
    ( ) countermeasures should not involve wire fraud or credit card fraud
    ( ) countermeasures should not involve sabotage of public networks
    ( ) countermeasures must work if phased in gradually
    ( ) sending email should be free
    ( ) why should we have to trust you and your servers?
    ( ) incompatibility with open source or open source licenses
    ( ) feel-good measures do nothing to solve the problem
    (X) temporary/one-time email addresses are cumbersome
    ( ) i don't want the government reading my email
    ( ) killing them that way is not slow and painful enough

    furthermore, this is what i think about you:

    (X) sorry dude, but i don't think it would work.
    (X) this is a stupid idea, and you're a stupid person for suggesting it.
    ( ) nice try, assh0le! i'm going to find out where you live and burn your house down!

  19. Re:Anyone using specialised tests? by Anonymous Coward · · Score: 5, Funny

    what is the third word of this sentence?

    No, it's the first.

  20. Re:Mix it up a bit? by OldManAndTheC++ · · Score: 3, Funny

    And I can't wait until someone's daughter answers back:

    This can be shown by (...200 pages of brilliant mathematics omitted...)

    Q.E.D.

    Now, SHOW ME THE F*CKING PONIES!!!!

    --
    Soylent Green is peoplicious!
  21. What we should use... by sionide21 · · Score: 2, Funny

    Is logic puzzles. "You are in a room with three guards, one of these guards always lies, one of them always tells the truth, and one of them lets you register this email address. Who do you ask?" Let's see a computer solve that!

  22. Re:Anyone using specialised tests? by hobbit · · Score: 2, Funny

    Your "random but light noise" idea intrigues me, and I would like to subscribe to your newsletter. Have you also considered using alphanumeric symbols instead of pictures of cats and dogs?

    --
    "Wise men talk because they have something to say; fools, because they have to say something" - Plato