(New) dirt-cheap bots attack Hotmail Captchas

UK researchers have devised a novel and inexpensive way of cracking Microsoft's Windows Live Captchas with a success rate of more than 60 percent, a finding that further exposes weaknesses in a key measure designed to keep miscreants from infiltrating free online services. In a paper (PDF) published Monday, Jeff Yan and Ahmad …

COMMENTS

This topic is closed for new posts.

  1. Anonymous Coward

    "Charge to send email" emails aren't just for humans

    With a "stamp" based system only external mail from unknown addresses would be checked, which means that your internal servers and external servers with a known source address wouldn't have to acquire a stamp first. But it would be trivial to modify your own outgoing mail to produce its own stamp verified on your own authority as well. It'd also help when email addresses are typo'd and accidentally get sent outside the business (they wouldn't be delivered because of the stamp).

    >the alternatives to captchas invade privacy and restrict freedom

    Stamps don't, although they do force you to pay a subscription to a verification body.

    >In the RW a lot of people and businesses send a lot of bulk e-mail, very legitimate opted-in e-mail.

    That could have a stamp attached, if there are loads of complaints to the issuer of the stamps they'd cut you off and you'd have to find another issuer, the issuers would have to police this, because otherwise they'd be worthless.

    >No, what's needed is a real ground-up redesign of how e-mail works

    You start off with the real world and then suggest a ground up re-write of email?

    >Use combo boxes to let user enter the captcha digits

    The spammers don't sit there in front of a browser typing out every message in a web form, they have a prog that fills out the form, it doesn't matter whether the text is transferred via drop downs or a text box.

    >This says something about the ethics of Newcastle University.

    Come on, we all know that security through obscurity is also insecurity through obscurity, by not letting people know that captchas are easily hacked people would carry on using them unawares.

  2. Anonymous Coward

    @Andy

    I lolled.

    and

    I also thought the same thing.

  3. Andy
    Stop

    Solution to spam is so easy and obvious

    Charging for email is impractical and imo morally wrong.

    The solution to spam (from webmail services at least) is simple, just limit the amount of emails that can be sent by any user to say 100 per day. No normal user needs to send more emails than this per day and such a scheme would make spamming so slow as to be pointless.

    Of course the other (equally simple) solution would just be to instantly shut down any website that uses spam to advertise - i.e. follow the money. You can't catch the spammers but you can certainly catch/stop the people that employ them. If a website knew that it would get blocked immediately for using spam to advertise then it wouldn't do it. Why this is not happening is a mystery to me.

  4. Bill Fresher

    Re: Solution to spam is so easy and obvious

    "just limit the amount of emails than can be sent by any user to say 100 per day"

    or if there are more than 100 emails bounced back in one day the account is closed.

  5. Dave
    Coat

    turing test games

    i agree with the idea of turing tests on outgoing emails - if you turn the spammers off sites like hotmail and gmail, and secure windoze boxes a bit more, they'll be forced to use limited IP addresses, which are easier to stop.

    i've thought for a while that a game would be a good turing test for gmail/hotmail - every time you send an email you have to drive a car around a track (10-20 sec. etc), or use your mouse to guide a person through a maze (inside a time limit).

    chances of a computer doing that aren't worth calculating, and it makes email more fun.

    it'd be like taking the crap parts of facebook (messaging tossers and playing rubbish games), and putting them together to form something useful. who'd have thought.

  6. James Penketh

    Why do I need a title?

    "What, you don't want to have to identify yourself? You want privacy? Anonymity? Bah, don't kid yourself."

    -Anonymous Coward

    Do I sense some irony here?

  7. bluesxman
    Paris Hilton

    What do you?

    Why not encourage more widespread adoption of ReCAPTCHA? At least that way these nasty little bots can be doing something useful with their time as a side effect.

    Paris, cause I think she could be squinting at a CAPTCHA image that her computer can read that she can't.

  8. Anonymous Coward

    why not

    why not stop trying to solve a social problem with technology.

    Problem

    Spam is profitable

    Solution

    Stop making spam profitable.

    To not make spam profitable people need to stop clicking on the damn things. Simple, no advanced technology needed.

    DO NOT CLICK ON JUNK - seriously.

    Of course nowadays everyone wants to solve social problems with technology. No room for common sense in the west.

    Idiots.
