Re: Form spam

[Marty Hoag <marty.hoag () NDSU EDU>]

   Aha. I recalled the SANS ISC Diary that Brian
mentioned but couldn't find it until this note
reminded me that it contained a reference to
captcha... ;-)  It's at

http://isc.sans.org/diary.html?date=2006-11-08

They had a rather interesting approach...

   marty

H. Morrow Long wrote:
> You could use a captcha -- and (or combine it)
> with a username and password to restrict
> automated form spam.
>
> - H. Morrow Long, CISSP, CISM, CEH
>   University Information Security Officer
>   Director -- Information Security Office
>   Yale University, ITS
>
>
>
> On Feb 15, 2007, at 2:16 PM, Brian Smith-Sweeney wrote:
>
> > David Dean wrote:
> > > Does anyone do anything about form spam?  We have application level
> > > processes in place but we don't report this the way, say, email spam is
> > > reported and track, and sometimes prosecuted.  I ask because we're
> > > getting more and more.  It seems to be the cool new outlet for
> > > frustrated email spammers.
> > >
> > > Thanks,
> > > David
> > The ISC at SANS did something on this a while back, because they were
> > getting bombarded; I don't know if they're tracking/reporting this stuff
> > or not.  Unfortunately I couldn't find the diary entry where they
> > discussed this but I know they've got something in place.
> >
> > Cheers,
> > Brian
> >
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Brian Smith-Sweeney      Sr. Network Security Analyst
> > ITS Technology Security Services, New York University
> > bsmithsweeney () nyu edu <mailto:bsmithsweeney () nyu edu>
> > http://www.nyu.edu/its/security
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~