Post #288,552
7/9/07 10:21:54 AM
|
CAPTCHA KAPUTSKI!
[link|http://tech.blorge.com/Structure:%20/2007/07/08/spammers-overcome-hotmail-and-yahoo-captcha-systems/|CAPTCHA for MS and Y! are being read] automagically.
NEAT!
-- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey PGP key: 1024D/B524687C 2003-08-05 Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C Alternate Fingerprint: 09F9 1102 9D74 E35B D841 56C5 6356 88C0 Alternate Fingerprint: 455F E104 22CA 29C4 933F 9505 2B79 2AB2
|
Post #288,554
7/9/07 10:48:53 AM
|
Re: CAPTCHA KAPUTSKI!
"There are only about 500 or so new accounts being created every hour," said Viorel Canja, the head of the BitDefender Antivirus Lab. I'd say that's well within the capability of one person with an automatic "show the captcha, use what the human monkey types in to register" program.
Regards,
-scott anderson
"Welcome to Rivendell, Mr. Anderson..."
|
Post #288,556
7/9/07 10:53:08 AM
|
probably a small pool in a third world country
Somebody probably hired a small pool of workers in a third world country to read the captchas. A few cents per captcha is all it would take.
Jay
|
Post #288,558
7/9/07 11:01:40 AM
|
Re: probably a small pool in a third world country
500/hr == 1 every 7 seconds or so... I doubt you'd even need that. Just one person would suffice.
Regards,
-scott anderson
"Welcome to Rivendell, Mr. Anderson..."
|
Post #288,559
7/9/07 11:09:10 AM
|
Didn't think of it like that.
-- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey PGP key: 1024D/B524687C 2003-08-05 Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C Alternate Fingerprint: 09F9 1102 9D74 E35B D841 56C5 6356 88C0 Alternate Fingerprint: 455F E104 22CA 29C4 933F 9505 2B79 2AB2
|
Post #288,652
7/10/07 6:54:12 PM
|
The one I read about....
used human interaction to bypass the captcha. Take a porn site and allow a user to access the porn via a captcha... same said captcha that said script is attempting to access.
With enough people wanting to view the porn, the script bypasses the captcha without a problem.
|
Post #288,661
7/10/07 8:45:09 PM
|
Has been known for a while.
It becomes an arms race. The next cycle is figuring out how to stop the images being re-used like that, whilst the crackers figure out how to evade that.
Wade.
Is it enough to love Is it enough to breathe Somebody rip my heart out And leave me here to bleed
Is it enough to die Somebody save my life I'd rather be Anything but Ordinary Please
-- "Anything but Ordinary" by Avril Lavigne. · my · [link|http://staticsan.livejournal.com/|blog] · [link|http://yceran.org/|website] ·
|
Post #288,658
7/10/07 8:36:06 PM
|
Good catch.
[link|http://www.newscientist.com/blog/technology/2007/07/captchas-conquered.html|New Scientist]: Suitably puzzled, I called up the head of BitDefender's anti-virus labs in Romania, Viorel Canja, who explained all. It turns out the Trojan creates free email accounts by copying each CAPTCHA and sending it off to another computer for processing. This process may be automatic, or may be done manually. At the moment, it isn't clear.
[link|http://www.cs.cmu.edu/%7Ebiglou/|Luis Von Ahn] of Carnegie Mellon University - one of the people who invented the CAPTCHA test - thinks the process can only be manual. He notes that creating 500 new accounts per hour is hardly impressive. "If you think about it, a single human can get about 400 per hour if they just sit there typing," he told me. "Before CAPTCHA, bots could get more than two million accounts per day."
This seems to suggest that, should spammers ever work out how to beat CAPTCHA tests automatically, we'll really know about it.
Cheers, Scott.
|