ietf-asrg

Re: 2. Uselessness of C/R RE: [Asrg] Its all over for Challenge Response

2004-01-28 16:05:18
Hallam-Baker, Phillip wrote:


Problem:        Spammers pay people to solve Turing tests with pornography
                Attack reported in high visibility forum (Slashdot)

The same flaw applies to just about everything. If you have the money, you can beat just about anything.

Risk:           Loss of confidence in anti-spam measures, Very high probability of press attention, MUST have prompt response
                Public MUST NOT believe spammers have upper hand.


Based on what I've read on this list and the technology available now as well as the total lack of interest in "doing what it takes" to get results, I have about the least amount of confidence possible in anti-spam measures. Tricking the public into thinking what YOU want them to think versus the truth as it stands today (they have always had the upper hand) is just stalling. Always tell the truth, it's the best policy.

Solution:       Add copyright notice to Turing test and sue malefactors.

Yes, because we all know how well copyright protects everything else
in the digital realm, like music and movies.

Background:

        Turing tests are widely used to limit signups for free email
accounts (hotmail, Yahoo!). In addition they are used in some of the more
unpleasant email C/R schemes.
        A typical Turing test consists of a GIF image that has been
distorted in some way that is difficult to reverse using OCR techniques but
is easy for a human viewer to read.

        The problem here is that the Turing test is subject to a form of man
in the middle attack. The viewer of one site is tricked (or bribed) into
solving the Turing test of another site. Pornography provides an incentive
that is free to the spammer and attracts a large number of willing
participants.

The real problem here is that like all C/R these things are nothing but stopgap measures, not solutions.

[Please don't CC responses to me, I'm subscribed here.]

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


