From dirk at haun-online.de  Mon Oct 29 17:04:37 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 29 Oct 2007 23:04:37 +0200
Subject: [geeklog-spam] [geeklog-devel] Breaking Captchas with Trojans
In-Reply-To: <4725AE1B.9000506@spiesshofer.com>
References: <4725AE1B.9000506@spiesshofer.com>
Message-ID: <20071029210437.1952409956@smtp.haun-online.de>

Oliver Spiesshofer wrote:

>http://blog.trendmicro.com/captcha-wish-your-girlfriend-was-hot-like-me/
(...)
>Any thoughts on this? I do not think that there is anything one can do 
>against that.

You should have attended my Webspam presentation[1]. I've argued that
spam protection currently relies too much on CAPTCHAs which will be
broken pretty soon anyway, due to the advances in OCR to fight email
spam. You know, those emails where the spam is hidden in an attached
image - and in order to bypass regular OCR software, the text is often
skewed or otherwise distorted, pretty much like a CAPTCHA text.

Attacks like this trojan will be the exception for now, but the end of
CAPTCHAs is nigh - and then we have a real problem on our hands.

bye, Dirk

[1] <http://www.geeklog.net/filemgmt/index.php?id=873>


-- 
http://www.haun-online.de/
http://geeklog.info/