lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 31 Aug 2008 00:51:50 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: 
	Inside India’s CAPTCHA Solving Economy

On Sat, Aug 30, 2008 at 10:35 PM, Paul Schmehl <pschmehl_lists@...rr.com> wrote:
> --On August 30, 2008 1:57:32 PM -0700 coderman <coderman@...il.com> wrote:
>
>> On Fri, Aug 29, 2008 at 1:08 PM, Dancho Danchev
>> <dancho.danchev@...il.com> wrote:
>>>
>>> ... Indian workers breaking MySpace and Google
>>> CAPTCHAs,
>>
>> OH MY GOD SIR
>>
>> someone should make this illegal!!!
>>
>> (then CAPTCHA would be secure...)
>>
>>
>> *cough*
>>
>
> If nothing else, CAPTCHA is increasing the bad guys' costs of doing
> business, and that's a good thing.
>

At least its giving hundreds of thousands of poor indians employment,
by paying them to manually create internet accounts for bot net
herders to use. I don't know if thats what the Dancho Danchev blog
post is about because I refuse to read anything by him or Zdnet. This
activity of the bad guys employing poor internet users from developing
countries isn't new. The bad guys, they target the folks in the
developing countries to spend all day signing up web accounts
manually, as they don't need to pay them an awful lot of money to do
it, and they don't need to care about CAPTCHAs, because the poor
citizens of the developing countries are entering the legitimate
CAPTCHA word manually on behalf of the bad guys. There is a whole
industry for it out there, and the folks in the developing countries
don't mind helping out because they don't have much money and are
pretty desperate, and to be honest, they don't actually know a lot of
the time the scale of the operation they are getting involved in but
they probably don't really care.

All the best,

n3td3v

https://groups.google.com/group/n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ