| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Mar 2008 12:46:16 +0100 From: vulns@...tercore.com To: bugtraq@...urityfocus.com Subject: Rise of the spammers Hi, According to the following press release of MessageLabs: http://www.messagelabs.com/resources/press/11351 "the proportion of spam from Gmail increased two-fold from 1.3 percent in January to 2.6 percent in February" Recently, researchers at Websense also spotted ITW (http://www.websense.com/securitylabs/blog/blog.php?BlogID=174) a bot trying to break Gmail's image captcha, with relative success though. So it seems pretty clear that spammers are abusing of legal services to spread their stuff although it is not so clear how they are doing so. AFAIK nobody has paid attention to the Gmail's audio captcha as attack vector. This captcha turns out to be extremely weak against simple fourier analysis so you can easily achieve a success rate of 90% even without implementing a HMM or any other well-known classifier. You can read the technical details in the following post http://blog.wintercore.com/?p=11 Video: http://blog.wintercore.com/files/breaking_gmail_audio_captcha.wmv Regards, Rubén. -- Wintercore Agustin de Betancourt, 21. 8th Floor. 28003 Madrid. Spain. Phone: +(34) 91 395 63 40 www.wintercore.com
Powered by blists - more mailing lists