Porn Rewards Users To Get Past Anti-Spam Captchas 420
Stalke writes "Spammers are now usings a new technique to circumvent the 'captchas,' the distorted text in graphics, that users must input to receive the free email account. The spammers have cracked the system by displaying the 'captchas' on free porn sites in real time. Since there are always a large number of people signing up for free porn, they do the work of decripting the 'captchas' which is then replayed back into the spammers program to create a new email account. Who thought that porn could be a hacking technique!" Sure sounds plausible, though the link here says only "someone told me."
Foundation (Score:3, Insightful)
Spam spam spam spam SPAAM! (Score:4, Insightful)
Sounds like rubbish (Score:3, Insightful)
Valid News Sources (Score:5, Insightful)
'Someone told me...' on a 'blog'?
That doesn't carry quite the weight of the BBC and Reuters to me, but I suppose there's a good chance no-one was threatened by a 'democratic' government during the production of the article, so maybe it's less biased than some.
Re:Easily countered (Score:2, Insightful)
Make it copyrighted (Score:2, Insightful)
Re:Spam spam spam spam SPAAM! (Score:5, Insightful)
How about type something other than what's in the box? I seriously doubt you have to sit there waiting while it verifies that what you entered is actually correct. They're probably just assuming most people will type it correctly.
Re:Countermeasure... (Score:2, Insightful)
Where? (Score:2, Insightful)
Valid News sources... on a blog. (Score:5, Insightful)
In fairness, the poster on the blog was Cory Doctorow, who is a long time, well-known net-citizen and isn't exactly some random guy, although you may not know him. For a sample of his work, see this piece in Salon [salon.com] which mentions that he won the John W. Campbell Award for best new science fiction writer at the 2000 Hugo Awards. He's not a journalist, he's a blogger, but it's an interesting tidbit nonetheless...
And even if he was a random blogger, his credentials are much less important than the core concept he's disclosing: that someone seeking to generate email accounts (or open bank accounts or whatever) could have porn-seeking humans workaround the turing-ish test security measures. The story is less that someone is doing it, than that someone could be doing it. At least to me.
Plus this is a hacker-type story... I wouldn't expect Reuters, etc. to carry it first.
I actually was glad to see the Slashdot editor point out the "someone told me" caveat... it's a sign to me that the editors here are getting better. They're warning us about the weaknesses in the story, not just slapping stuff up here without a care.
--LP
Re:Valid News Sources (Score:3, Insightful)
It is intriguing and worth think about, a lot more than, say, eweek's zero-content article about the wishlist for linux 2.7.
Re:Countermeasure... (Score:5, Insightful)
Ok new "captcha" test... (Score:5, Insightful)
Unless a Spammer plans on building a porno site exactly like Yahoo (and incur the wrath of a zillion lawyers consequently), this would be a difficult one to counter attack (unless someone here could prove otherwise). Thoughts?
Re:Sounds like rubbish (Score:5, Insightful)
Copyrights are a good thing here! (Score:3, Insightful)
Any lawyers want to comment on this?
Re:Spam spam spam spam SPAAM! (Score:5, Insightful)
Re:Sounds like rubbish (Score:5, Insightful)
Without any facts to back the story up, I don't know if this is really happening, but it sounds plausible. I wonder if anyone's filed a patent on the method?
Re:Countermeasure: URL in Image (Score:1, Insightful)
Better, I would suggest, to place the text in a random location in the image each time, or even overlay it in watermark-fashion. Hey, don't anyone go trying to patent this idea now.. did I think of it first?
Re:Sounds like rubbish (Score:5, Insightful)
Uh, if the spammers are smart, they'll actually use the word you give them to submit the form, and if it doesn't work they'll make you enter another one. some of them are hiring smart people. Maybe if there weren't so many out-of-work programmers in the world...
Re:Nifty (Score:2, Insightful)
This is fuckin' briliant. A pure barter system. A product that has value but many are not willing to pay for. A small service that takes very little time but will create value.
Include the Original Web-site in 'Captchas' (Score:1, Insightful)
"registration for: free-mail.com"
"only for registation at: free-mail.com"
"don't help spammers, answer this only
if you are at free-mail.com"
At least the people registering on the porn site would realize they are helping a spammer and would *hopefully* not do the decoding.
CJones
I'm afraid I disagree (Score:5, Insightful)
IMHO, you can't applaud unethical uses of ingenuity.
challenge/response system is good idea (Score:3, Insightful)
I use a challenge/response system myself for my email and it certainly has nothing to do with me thinking I am really important or that my time is worth more than yours. It is all about me being totally sick of spam and being willing to take extreme measures to stop it.
All of my friends are already on my whitelist (or get on it quickly enough) and have forgotten that I ever had a challenge/response system in place. It really is not a nuisance at all to anyone who communicates with me on a regular basis.
Captchas can only prove human-ness (Score:4, Insightful)
Cut and paste my Captchas? Ok, I'll embed it in a java program.
Screen capture? I'll make it dependant on the web-site you're visiting.
(which of these objects starts with the same letter as the third letter of my website?)
In the end though, the best a captchas can do is prove there's a human somewhere in the loop.
A spammer (or anyone else for that matter) could hire real people to answer them.
Automate the non-captcha part of the signup, and you could generate several hundred accounts per hour.
-- this is not a
put your trademark in your captchas (Score:2, Insightful)