Another google problem

Tue, 26 Feb 2008 21:32:58 -080
WebSense is a place that does various operations to detect problematic
or even dangerous security breaches or leaks or holes.

They've recently discovered^1 that in the currency of gmail having
opened up its access from one of being by invitation to one of open
access and implementing a CAPTCHA to deter robots acquiring new gmail
accounts that there is a very problematic security weakness.

A CAPTCHA^2 is an 'image' ostensibly readable only by humans, not by
bots, which requires the human to interpret the graphical appearance of
letters and keyboard input those letters to clear the captcha security.

The story is that 'spammers'^3 have developed a routine for cracking the
captcha barrier/security process, so that the acquisition of new gmail
accounts can be automated.  This means that zombies (which are
controlled by 'spammers'^3 and other nefarious dangerous operators) can
be marshalled to acquire new gmail accounts by the gazillions to do all
sorts of things.  For some reason, everyone seems to think that these
types of operations and technological breakthroughs are strictly about
spamming.

To me, the spamming part of it^4 is just a way of making some money
until a real opportunity comes along.  Like buying potentially valuable
real estate and putting some storage units on it to pay the bills and
make some pocket money until a *real* real estate development
opportunity comes along for the property.

Likewise, the bad guys acquire lots of zombies and lots of gmail
addresses for the purpose of doing much more severe havoc than simple
spamming.


^1 http://www.websense.com/securitylabs/blog/blog.php?BlogID=174
Google's CAPTCHA busted in recent spammer tactics -- bots that are capable
of signing up and creating random Gmail accounts

^2 http://en.wikipedia.org/wiki/Captcha a type of challenge-response
test used in computing to determine whether the user is human

^3 spammers get blamed for everything, but in reality the same kinds of
breaches that spammers use have a great deal more serious dangers than
spamming purposes

^4 it = much more than spam;  zombies, captcha busting, botnets, DoS
attacks, DoS ransom website hostaging, and more

-- 
Mike Easter
kibitzer, not SC admin
Re: Another google problem
Wed, 27 Feb 2008 12:39:01 -050
> WebSense is a place that does various operations to detect problematic
> or even dangerous security breaches or leaks or holes.
>
> They've recently discovered^1 that in the currency of gmail having
> opened up its access from one of being by invitation to one of open
> access and implementing a CAPTCHA to deter robots acquiring new gmail
> accounts that there is a very problematic security weakness.
>
> A CAPTCHA^2 is an 'image' ostensibly readable only by humans, not by
> bots, which requires the human to interpret the graphical appearance
> of letters and keyboard input those letters to clear the captcha
> security.
>
> The story is that 'spammers'^3 have developed a routine for cracking
> the captcha barrier/security process, so that the acquisition of new
> gmail accounts can be automated.  This means that zombies (which are
> controlled by 'spammers'^3 and other nefarious dangerous operators)
> can be marshalled to acquire new gmail accounts by the gazillions to
> do all sorts of things.  For some reason, everyone seems to think
> that these types of operations and technological breakthroughs are
> strictly about spamming.
>
> To me, the spamming part of it^4 is just a way of making some money
> until a real opportunity comes along.  Like buying potentially
> valuable real estate and putting some storage units on it to pay the
> bills and make some pocket money until a *real* real estate
> development opportunity comes along for the property.
>
> Likewise, the bad guys acquire lots of zombies and lots of gmail
> addresses for the purpose of doing much more severe havoc than simple
> spamming.
>
>
> ^1 http://www.websense.com/securitylabs/blog/blog.php?BlogID=174
> Google's CAPTCHA busted in recent spammer tactics -- bots that are
> capable of signing up and creating random Gmail accounts
>
> ^2 http://en.wikipedia.org/wiki/Captcha a type of challenge-response
> test used in computing to determine whether the user is human
>
> ^3 spammers get blamed for everything, but in reality the same kinds
> of breaches that spammers use have a great deal more serious dangers
> than spamming purposes
>
> ^4 it = much more than spam;  zombies, captcha busting, botnets, DoS
> attacks, DoS ransom website hostaging, and more

Interesting; I haven't seen their captcha images, but when I recently 
installed it on my own web site I played with it.  The default image 
generator makes it pretty easy to discern the characters in ways I 
suspected computers could easily do.  I used the same width lines 
throughout and all the same colors and only changed the background/text 
coloring each time. And my list of codes is a short one, too ;-(. 
Never thought of segmenting though; seems like a good idea; for a while.

It's working so far, so until the "baddies" get in again, well ... . 
lol, the only good spammer is a dead spammer, the only good zombie is a 
rusty one being used as a boat anchor.

(We) need to kill the zombies and their servers off, not band-aid 
against them, but as far as I know, no one is working in that direction 
with any success or concerted efforts.

-- 
Regards,

Twayne

Open Office isn't just for wimps anymore;
OOo is a GREAT MS Office replacement
www.openoffice.org

