Computer Tips -Tech Info

A lot of web sites these days use “turin tests” to keep from having automated bots sign up for mail or other services. (Or post entries to a forum or something.) For those that don’t know, a turin test is a test designed to filter machines from people. I doubt I’m the only one that has occasionaly found one of those squiggly letter/number images to be so distorted that I’ve failed the test… Anyway, it seems that there is a new trend in phishing/spamming emails. From incidents.org they’re seeing some mass mailing attempts that seem to be aimed at getting people to identify “Captcha” graphics for them. (A captcha is basically the random number image used in many online turin tests.)

Apparently,

At the moment I am pretty sure that spammers
were using this “trick” to make users solve CAPTCHA graphics for them. In
this case, I believe they were trying to open new accounts on free webmail
www.pochta.ru (that’s a legitimate Russian webmail). When you try to open a
new account on that site (http://www.pochta.ru/regform.php) you will be
presented with a CAPTCHA picture and it’s link will be exactly
http://www12.pochta.ru/rnd_img.php?sid=b7404f329f63328217f3bace053b39e9 (for
example).

Now, pochta.ru uses sid parameter to identify which CAPTCHA image will be
presented. The image itself will be changed (colors and number positions),
but the string that the user has to enter will remain the same. To test this
just enter the URL above in your browser and refresh couple of times – you
will see how it changes.

Therefore, spammers can build a big table of corresponding SID strings
(probably just hashes) and correct answers which enables them to
automatically open new accounts. This maybe even works on other sites if
they use same programs to generate CAPTCHA images.

…. clever, build a database of SID strings so you don’t need to “read” the image, just note the SID string and plug in the “human verified” correct answer.

It kind of reminds me of something I came across recently from Amazon. “Human Intelligence Tasks”, they’re paying small amounts for people to complete “Human Intelligence Tasks”, these tasks are things that cannot be machine completed, but require a person to look. “Identify the best photo of this building” or “identify these automotive parts”, etc. Now, for those of you eager to make quick money, the HIT’s as they call them are most all valued around 3 cents each…. there are lots, so I guess if you could churn through 6 a minute, you could make ~$10.80 an hour (of course on dialup you probably won’t be able to manage 1 every 10 seconds….)

Popularity: 1% [?]

   Send article as PDF   

• Windows more secure than Linux? For the last week, I've seen various headlines referring to a report from US-CERT that indicated 2005 had 5,198 security flaws reported. Out of those 2,328 were reported for Linux/Unix, 812 for Windows and 2,058 affecting more than one operating system. Now, I'm seeing all sorts of headlines about how......
• Version 2 of the WMF exploit vs Windows 98 SE Ok, I wasn't quite satisfied with the results of the tests against the first version of the WMF (Windows Metafile) zero day exploit that's now up to 4 or 5 days or so... Windows 98 is listed as being vulnerable, but there are no patches or workarounds currently available for......
• Firefox 1.5.0.4 out.... I haven't seen news to this yet, just found it on Mozilla.com, but the 1.5.0.4 release of firefox seems to have been released sometime today. (1.5.0.4 of Thunderbird was announced earlier today.) I don't know how quick Google is at directing to the new version of firefox, but I'll include......

• Core Security Technologies present IT SECURITY WEBCAST with Ed Skoudis, Josh Wright, and Kevin Johnson Pen Testing Perfect Storm Part VI: "We Love Cisco!" Date and Time: Wednesday, March 23, 2011 at 2pm EDT/ 11am PDT (GMT -4:00, New York) All registrants will receive a link to the webcast recording after the live session. About this webcast: During this webcast, security swashbucklers Ed Skoudis, Joshua......
• Introduction to Photo Blogging Photo blogs, which are also commonly referred to as photologs or phlogs, are great examples of the tendency for people to keep connected to one another at all times, as well as to share as much information as is possible with people who are virtually strangers to them. Photo blogging,......
• Facebook List Messages - 2011's Powerful Alternative to Email Marketing Strikes Hard, and is more than just Effective. [/caption] Internet Marketing Strategies, particularly Email Marketing, have seen an overhaul of sorts this past year. Rising standards in Anti-Spam Compliance Regulations have forced most email service providers like Aweber, MailChimp and iContact to reevaluate their levels of "leniency" towards unsubscribe rates and spam complaints, and enforce stricter monitoring......

Similar Posts

• Approaches to beating form spam submission
• Disappointing trend for online banking sites
• Nugache the latest in bot-net technology… and why you should care about botnets…
• More XBox 360 news
• Developers meet Marketing – Marketing developers….

This entry was posted on Thursday, November 17th, 2005 at 1:36 am and is filed under Computers, Security. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.