ietf-asrg

2. Uselessness of C/R RE: [Asrg] It's all over for Challenge Response

2004-01-28 10:24:39
We have seen this mentioned here before. This approach to C/R by spammers
does have one beneficial side-effect: they must ensure that the challenge
gets back to a useful address. Thus, they can no longer forge everything and
expect mail to get through.

The same effect can be achieved without negative impact on the end user 
experience.

It is possible to save the Turing test mechanism, but not for private
practices. I just sent this out to the managers responsible for the Turing
test mechanisms used to stop mass signups for mail accounts. Basically
Microsoft should add a copyright notice to their Turing test image and offer
a free X-Box for the first person to report each site using a man in the
middle attack to defeat it.



Problem:        Spammers pay people to solve Turing tests with pornography
                Attack reported in high visibility forum (Slashdot)

Risk:           Loss of confidence in anti-spam measures,
                Very high probability of press attention, MUST have prompt
                response
                Public MUST NOT believe spammers have upper hand.

Solution:       Add copyright notice to Turing test and sue malefactors.


Reference:
        http://yro.slashdot.org/article.pl?sid=04/01/28/1344207&mode=flat&tid=111&tid=126&tid=172&tid=95&threshold=1

Background:

        Turing tests are widely used to limit signups for free email
accounts (Hotmail, Yahoo!). In addition they are used in some of the more
unpleasant email C/R schemes.

        A typical Turing test consists of a GIF image that has been
distorted in some way that is difficult to reverse using OCR techniques but
is easy for a human viewer to read.

        The problem here is that the Turing test is subject to a form of man
in the middle attack. The viewer of one site is tricked (or bribed) into
solving the Turing test of another site. Pornography provides an incentive
that is free to the spammer and attracts a large number of willing
participants.

Solution:

        A quick fix would be to add a copyright tag into the Turing test so
that it is clear that this substitution is taking place.

        Set up a bounty system for reporting such attacks; a free X-Box is
probably more attractive than free porn. Or you could give a free X-Box and
a subscription to your choice of Penthouse, Cosmopolitan or a non-porn title.

        It is important that the press is quickly informed that there is a
response if public confidence is to be maintained. For anti-spam measures to
be effective as psychology, it is vital that people believe that it is the
spammers who are on the defensive.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
