WebApp Sec mailing list archives

Re: Defeating CAPTCHA


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Mon, 5 Sep 2005 12:41:13 +0530

On 29/08/05 08:03 -0400, Derick Anderson wrote:
> I'm sure there is a significant number of valid credit card numbers
> floating around in the open, but it is not without bound. An open, free
> system (which I am not against, by the way) allows spammers to create as
> many accounts as they wish. Once they have to pay for it, even with
> stolen credit cards, the availability of accounts drops into a much
> smaller finite number. Besides, if I have your credit card number, why
> bother using it to create a spamming account? I've already got free
> money. =)

Think 419 scammer. I buy a domain, host it and spam using that domain.
It appears legitimate, and will not be immediately kicked off a host. 
Freemail accounts are terminated fast (not fast enough, but fast).

Think of a scammer using confirm-paypal.com instead of
http://some.free.host.example.com/user/confirm-paypal.html

The problem for us is that a smaller, finite number is still bigger than
we can easily and economically handle.

Devdas Bhagat

