RE: ISP wants to stop outgoing web based spam
On Wed, 2006-08-09 at 09:50 -0400, Mills, Charles wrote:
> I think if such a thing would exist, the "verification" gifs to prevent automated free yahoo and hotmail account signups would be defeated as well.

You mean Captcha (http://en.wikipedia.org/wiki/Captcha)

Which is not so much of an issue: http://sam.zoy.org/pwntcha/

Otherwise simply set up a resource that people want to access (always the best example on the internet: a pr0n site) and present the image there and let them answer it for you ;)

Hmm maybe I should look into hooking pwntcha into SA.

Greets,
Jeroen

(who now will receive another gateway@blogger.com response that it doesn't understand multipart/signed messages.... can some nanog-list-admin remove that crappy thing?)

On Wed, 09 Aug 2006 15:59:52 +0200 Jeroen Massar <jeroen@unfix.org> wrote:
> On Wed, 2006-08-09 at 09:50 -0400, Mills, Charles wrote:
>> I think if such a thing would exist, the "verification" gifs to prevent automated free yahoo and hotmail account signups would be defeated as well.
>
> You mean Captcha (http://en.wikipedia.org/wiki/Captcha)
> Which is not so much of an issue: http://sam.zoy.org/pwntcha/

Use of "captchas" has serious accessibility issues: visually-impaired users will have trouble completing forms. From a legal standpoint, this is a no-go and most definitely not possible for any government or public-sector agency in the United States. Several web accessibility regulations prohibit impairments.

matthew black
network services
california state university, long beach
1250 bellflower boulevard
long beach, ca 90840-0101

On Wed, 9 Aug 2006, Matthew Black wrote:
> Use of "captchas" has serious accessibility issues: visually-impaired users will have trouble completing forms. From a legal standpoint, this is a no-go and most definitely not possible for any government or public-sector agency in the United States.

Ditto for at least one EU jurisdiction, and likely several more of them. I can't quite remember if there already is a directive issued, but there definitely was/is an EU working group looking at a variety of equality issues.

In Ireland, captchas would likely contravene the Equal Status Act of 2000 with respect to providing services, which applies to *all* persons and bodies. I believe the UK may have similar legislation in force (though I can't recall the name of the act).

Turing tests can /easily/ be implemented in ASCII, which is compatible with screen readers used by the visually impaired.

regards,
--
Paul Jakma paul@clubi.ie paul@jakma.org Key ID: 64A2FF6A
Fortune: "I have not the slightest confidence in 'spiritual manifestations.'" -- Robert G. Ingersoll

I think what was being talked about was that a lot of spam now comes as embedded images which unpack into ads for the usual stuff. It's actually been going on for a few years but I guess as the other stuff gets more and more effectively blocked this form becomes more salient.

Thus far I don't know of any good filter for these.

Common spam software seems to rotate or vary these slightly so it's not as simple as comparing to one you've seen before. Since the image formats are compressed, usually gif, tiny changes can ripple through the entire encoding.

--
-Barry Shein
The World | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*

On Aug 9, 2006, at 2:15 PM, Barry Shein wrote:
> I think what was being talked about was that a lot of spam now comes as embedded images which unpack into ads for the usual stuff. It's actually been going on for a few years but I guess as the other stuff gets more and more effectively blocked this form becomes more salient.
>
> Thus far I don't know of any good filter for these.
>
> Common spam software seems to rotate or vary these slightly so it's not as simple as comparing to one you've seen before. Since the image formats are compressed, usually gif, tiny changes can ripple through the entire encoding.

Now we'll have to throw our inbound email through an OCR. Then the spammers will start rotating the text or changing the background. So we'll write a better OCR that can see through such transformations. At which point, the spammers will be happy, because we'll have given them a tool to break Captchas. Hmmm...

(Or just reject mail with images in it. :)

-Dave

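Added example, not part of the thread: it illustrates Barry Shein's point that a slightly varied image no longer matches a stored copy once compressed, and shows one filter-side alternative, a coarse "average hash" computed on the decoded pixels. The image, the variation routine and all function names are constructed for illustration; zlib (DEFLATE) stands in for GIF's LZW compression, and the average hash is a technique nobody in the thread proposed.

```python
import hashlib
import zlib

W = H = 64   # constructed 64x64 8-bit grayscale image
CELL = 8     # the hash samples an 8x8 grid of 8x8-pixel cells

def base_image():
    """Constructed stand-in for an ad image: a fixed pattern of light and dark cells."""
    return bytes(255 if ((x // CELL) * 3 + (y // CELL) * 5) % 7 < 3 else 0
                 for y in range(H) for x in range(W))

def vary(pixels, seed):
    """Imitate per-message variation: alter about 1% of pixels, positions set by seed."""
    out = bytearray(pixels)
    for i in range(seed, len(out), 97):
        out[i] ^= 0x80
    return bytes(out)

def stored_bytes(pixels):
    """Compressed form as it would arrive in the mail (zlib here, assumed stand-in for GIF)."""
    return zlib.compress(pixels)

def diff_fraction(a, b):
    """Fraction of byte positions that differ; a length mismatch counts as differing."""
    mismatched = sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))
    return mismatched / max(len(a), len(b))

def exact_signature(pixels):
    """What a compare-to-known-copy filter keeps: a digest of the compressed bytes."""
    return hashlib.sha256(stored_bytes(pixels)).hexdigest()

def average_hash(pixels):
    """64-bit hash: one bit per cell, set when the cell is brighter than the whole image."""
    means = [sum(pixels[y * W + x] for y in range(cy, cy + CELL) for x in range(cx, cx + CELL)) / CELL ** 2
             for cy in range(0, H, CELL) for cx in range(0, W, CELL)]
    overall = sum(means) / len(means)
    return sum(1 << i for i, m in enumerate(means) if m > overall)

def hamming(a, b):
    return bin(a ^ b).count("1")

def near_duplicate(p, q, max_bits=5):
    """Same campaign if the two hashes differ in at most max_bits bits (threshold assumed)."""
    return hamming(average_hash(p), average_hash(q)) <= max_bits

if __name__ == "__main__":
    seen, variant = base_image(), vary(base_image(), seed=5)
    print("pixels changed: %.1f%%" % (100 * diff_fraction(seen, variant)))
    print("compressed bytes changed: %.1f%%" % (100 * diff_fraction(stored_bytes(seen), stored_bytes(variant))))
    print("exact match:", exact_signature(seen) == exact_signature(variant), "| near-duplicate:", near_duplicate(seen, variant))
```

A hash this coarse only absorbs small pixel-level noise; the rotation and background changes mentioned later in the thread would need a more robust feature than a fixed 8x8 grid.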
participants (5)
- Barry Shein
- David Andersen
- Jeroen Massar
- Matthew Black
- Paul Jakma