Understanding How CAPTCHA Is Broken
An anonymous reader writes "Websense Security Labs explains the spammer Anti-CAPTCHA operations and mass-mailing strategies. Apparently spammers are using a combination of different tactics — proper email accounts, visual social engineering, and fast-flux — representing a strategy, explains their resident CAPTCHA expert. It is evident that spammers are working towards defeating anti-spam filters with their tactics."
Page design (Score:2, Insightful)
This article is an advertisement (Score:5, Insightful)
This article links to what is basically an infomercial. What it links to is filled with pictures and seeming explanations, but it's written in scare-mongering language and not written with an eye towards the reader understanding it. It is an advertisement telling you that Websense is a fantastic company because they understand all this terribly scary stuff and already have the technology to defeat it for you.
Re:Really? (Score:5, Insightful)
Fighting spam will either succeed or it will fail (Score:2, Insightful)
Mail services that don't provide good spam protection will fail.
If it becomes too hard to fight spam, mail as we know it will end and be replaced by something else, much like USENET was for most purposes replaced by other, less-spam-prone media.
Why are we so helpless? (Score:4, Insightful)
Re:Why are we so helpless? (Score:3, Insightful)
Re:Why are we so helpless? (Score:3, Insightful)
How on earth would you actually request each individual email you want to receive? Fax your dad and tell him he's authorized to send you an email detailing his vacation cruise? Have people call you up, where you give them an ID number that must be in the subject line?
Even if you went as far as white-listing email addresses (which you actually can do now) you'd miss out when your buddy gave your email to someone who was looking to offer you a job at twice your current salary, or that girl who really dug you at that party.
I don't see how you could propose a law that requires permission to send an email without destroying most of email's practical benefits as well.
Re:A more practical approach - 3 grades of service (Score:5, Insightful)
Re:I guess I've gotten used to it (Score:4, Insightful)
Re:This article is an advertisement (Score:4, Insightful)
It would be really nice if people would tag articles like this with 'slashvertisement'. :-)
Re:I guess I've gotten used to it (Score:4, Insightful)
Re:Really? (Score:4, Insightful)
Would I give a bank my SS#? Sure.
Would I give my SS# to Yahoo? Not as long as there are other places where I can get free email and play fantasy sports.
Re:Phone-based verification (Score:3, Insightful)
Re:What about a CAPTCHA made in flash? (Score:3, Insightful)
It's a classic case of Security through Obscurity, and this time it works.
However, SWF files have accessibility issues, and there are always people who love to block them.
Re:Phone-based verification (Score:3, Insightful)
It would be so easy to bankrupt a site that tried this (phone number generator, script) that no sane site owner would try it.
Re:My spam rules-- (Score:3, Insightful)
Re:Animated CAPTCHAs? (Score:1, Insightful)
The only problem is you could never automatically generate CAPTCHAs like that because you need a human knowledge database. Which, again, can be learned by the bot; so the system is defeated. Logic implies that any test a computer could generate could always be solved by a computer, so no CAPTCHA technology will ever "win". Sorry.