
RE: Defeating CAPTCHA

Subject: RE: Defeating CAPTCHA
Date: Mon, 29 Aug 2005 15:47:35 -0400
I for one, would love it if spammers were forced into using stolen credit
card numbers. First off, there would be no way spammers operating like that
could claim to be a 'legitimate' business. As a consequence, same spammers
were now committing fraud, they'd likely be targeted a lot more. And
companies would be more reluctant to do business with a spammer, if say, for
the purpose of a fraud investigation, their website is taken down for a
week. 
Second, if credit card theft increased, we'd see more security measures. My
bank offers a service called "verified by visa". When I log into my bank, I
have the option of reviewing the purchases on my card and approving them or
rejecting them. For internet purchases, such as off Amazon, the purchase
isn't actually completed until I verify that purchase. Now I realize the
security of one of these systems is only as secure as the verification
system (if someone had my bank account username and password and credit card
they could go shopping, but without all three they're out of luck), but so
far, for me, it's worked out pretty well. Mass credit card fraud would force
credit card companies to be more secure and eliminate spam, both things I
could live with.

-----Original Message-----
From: Derick Anderson [mailto:danderson@vikus.com] 
Sent: Monday, August 29, 2005 8:03 AM
To: webappsec@securityfocus.com
Subject: RE: Defeating CAPTCHA

I'm sure there is a significant number of valid credit card numbers
floating around in the open, but it is not without bound. An open, free
system (which I am not against, by the way) allows spammers to create as
many accounts as they wish. Once they have to pay for it, even with
stolen credit cards, the availability of accounts drops into a much
smaller finite number. Besides, if I have your credit card number, why
bother using it to create a spamming account? I've already got free
money. =)

Derick Anderson

-----Original Message-----
From: Devdas Bhagat [mailto:devdas@dvb.homelinux.org] 
Sent: Sunday, August 28, 2005 2:35 AM
To: webappsec@securityfocus.com
Subject: Re: Defeating CAPTCHA

On 26/08/05 12:45 -0400, Derick Anderson wrote:
<snip>
1. Charge money. Spammers aren't going to shell out cash en masse.

But they are perfectly willing to use _your_ credit card for 
that. There are a lot of phishing attacks and broken CC# 
storage and transport systems that some spammers will have 
access to that data.

Devdas Bhagat


