ICANN/GNSO GNSO Email List Archives

[dow1tf]



[dow1tf] breaking anti-mining protections

  • To: TF1 <dow1tf@xxxxxxxxxxxxxx>
  • Subject: [dow1tf] breaking anti-mining protections
  • From: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
  • Date: Wed, 4 Feb 2004 08:21:45 +0100
  • Mail-followup-to: TF1 <dow1tf@xxxxxxxxxxxxxx>
  • Sender: owner-dow1tf@xxxxxxxxxxxxxx
  • User-agent: Mutt/1.5.6i

Some registrars are using similar systems to prevent automated mass
queries to their whois databases...

----- Forwarded message from RISKS List Owner <risko@xxxxxxxxxxx> -----

From: RISKS List Owner <risko@xxxxxxxxxxx>
To: risks@xxxxxxxxxxx
Date: Tue, 3 Feb 2004 17:03:51 PST
Subject: [risks] Risks Digest 23.17

RISKS-LIST: Risks-Forum Digest  Tuesday 2 February 2004  Volume 23 : Issue 17

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Date: Wed, 28 Jan 2004 13:48:42 -0600
From: "Robin Burke" <rburke@xxxxxxxxxxxxxx>
Subject: Porn viewers work for hackers

The following article describes an attack against the web images (so-called
"CAPTCHAS") that are used to prevent robots from using certain web
applications such as the creation of free e-mail accounts.  The images are a
form of "Turing Test", easy for a human user of normal ability to process,
but difficult for a piece of software. The attack involves routing the
CAPTCHA image to a page that advertises free porn.  Users have to decode the
CAPTCHA to get the advertised images and in doing so, unwittingly assist
spammers in creating bogus e-mail addresses.

"But at least one potential spammer managed to crack the CAPTCHA test.
Someone designed a software robot that would fill out a registration form
and, when confronted with a CAPTCHA test, would post it on a free porn
site. Visitors to the porn site would be asked to complete the test before
they could view more pornography, and the software robot would use their
answer to complete the e-mail registration."

http://www.post-gazette.com/pg/03278/228349.stm (Relevant section is
near the end)

One poster to a related thread in Slashdot
(http://slashdot.org/article.pl?sid=04/01/28/1344207) reported that his
site shut down its (CAPTCHA-protected) free e-mail service recently due
to a sharp increase in spammer-generated accounts.

Robin Burke, Associate Professor, School of Computer Science,
Telecommunications, and Information Systems, DePaul University
http://josquin.cti.depaul.edu/~rburke/

----- End forwarded message -----


