Re: CAPTCHA KAPUTSKI!

Post #288,554

7/9/07 10:48:53 AM

"There are only about 500 or so new accounts being created every hour," said Viorel Canja, the head of the BitDefender Antivirus Lab.

I'd say that's well within the capability of one person with an automatic "show the captcha, use what the human monkey types in to register" program.

Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."

Post #288,556

by JayMehaffey

7/9/07 10:53:08 AM

probably a small pool in a third world country

Somebody probably hired a small pool of workers in a third world country to read the captchas. A few cents per captcha is all it would take.

Jay

Post #288,558

by admin

7/9/07 11:01:40 AM

Re: probably a small pool in a third world country

500/hr == 1 every 7 seconds or so... I doubt you'd even need that. Just one person would suffice.

Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."

Post #288,559

by folkert

7/9/07 11:09:10 AM

Didn't think of it like that.

--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ i_wethey
PGP key: 1024D/B524687C 2003-08-05 Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C Alternate Fingerprint: 09F9 1102 9D74 E35B D841 56C5 6356 88C0 Alternate Fingerprint: 455F E104 22CA 29C4 933F 9505 2B79 2AB2

Post #288,652

by Simon_Jester

7/10/07 6:54:12 PM

The one I read about....

used human interaction to bypass the captiva. Take a porn site and allow a user to access the porn via a captiva....same said captiva that said script is attempting to access.

With enough people wanting to view the porn, the script bypasses the captiva without a problem.

Post #288,661

by static

7/10/07 8:45:09 PM

Has been known for a while.

It becomes an arms race. The next cycle is figuring out how to stop the images being re-used like that, whilst the crackers figure out how to evade that.

Wade.

Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed

Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please

-- "Anything but Ordinary" by Avril Lavigne.

· my ·
· [link|http://staticsan.livejournal.com/|blog] ·
· [link|http://yceran.org/|website] ·

Post #288,658

by Another Scott

7/10/07 8:36:06 PM

Good catch.

[link|http://www.newscientist.com/blog/technology/2007/07/captchas-conquered.html|New Scientist]:

Suitably puzzled, I called up the head of BitDefenders anti-virus labs in Romania, Viorel Canja, who explained all. It turns out the Trojan creates free email accounts by copying each CAPTCHA and sending it off to another computer for processing. This process may be automatic, or may be done done manually. At the moment, it isn't clear.

[link|http://www.cs.cmu.edu/%7Ebiglou/|Luis Von Ahn] of Carnegie Mellon University - one of the people who invented the CAPTCHA test - thinks the process can only be manual. He notes out that creating 500 new accounts per hour hardly impressive. "If you think about it, a single human can get about 400 per hour if they just sit there typing," he told me. "Before CAPTCHA, bots could get more than two million accounts per day."

This seems to suggest that, should spammers ever work out how to beat CAPTCHA tests automatically, we'll really know about.

Cheers,
Scott.

Welcome to IWETHEY!