[Please follow the posting guidelines, was "Re: [Asrg] Its all over for
Challenge Response". Mod.]
Phil,
First of all this is ancient news, it was mentioned on the ASRG list
back in November:
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg07899.html
Additionally, we need to clarify this. The spammers do not break C/R per
se, rather they overcome the reverse Turing test AKA CAPTCHA part of it.
The basic point of C/R is to make sure that the originating email
address is valid and in order for spammers to do the scheme described
here, they must have valid return addresses. Therefore, if any spammer
wants to use this scheme, they become more traceable.
Yakov
P.S. There are also existing problems with using Turing tests, see the
post linked to above for the W3C draft.
Hallam-Baker, Phillip wrote:
spammers have found a way to break C/R schemes that have a 'turing test'
component.
You simply set up a free porn web site and get people to crack the turing
tests in return for seeing the porn.
http://yro.slashdot.org/article.pl?sid=04/01/28/1344207&mode=flat&tid=111&ti
d=126&tid=172&tid=95&threshold=1
Phill
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Some lies are easier to believe than the truth" (Dune)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg