full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Inside India’s CAPTCHA

Re: [Full-disclosure] Inside India’s CAPTCHA Solving Economy

From: n3td3v <xploitable_at_nospam>
Date: Sat Aug 30 2008 - 23:51:50 GMT
To: full-disclosure@lists.grok.org.uk


On Sat, Aug 30, 2008 at 10:35 PM, Paul Schmehl <pschmehl_lists@tx.rr.com> wrote:
> --On August 30, 2008 1:57:32 PM -0700 coderman <coderman@gmail.com> wrote:
>
>> On Fri, Aug 29, 2008 at 1:08 PM, Dancho Danchev
>> <dancho.danchev@gmail.com> wrote:
>>>
>>> ... Indian workers breaking MySpace and Google
>>> CAPTCHAs,
>>
>> OH MY GOD SIR
>>
>> someone should make this illegal!!!
>>
>> (then CAPTCHA would be secure...)
>>
>>
>> *cough*
>>
>
> If nothing else, CAPTCHA is increasing the bad guys' costs of doing
> business, and that's a good thing.
>

At least its giving hundreds of thousands of poor indians employment, by paying them to manually create internet accounts for bot net herders to use. I don't know if thats what the Dancho Danchev blog post is about because I refuse to read anything by him or Zdnet. This activity of the bad guys employing poor internet users from developing countries isn't new. The bad guys, they target the folks in the developing countries to spend all day signing up web accounts manually, as they don't need to pay them an awful lot of money to do it, and they don't need to care about CAPTCHAs, because the poor citizens of the developing countries are entering the legitimate CAPTCHA word manually on behalf of the bad guys. There is a whole industry for it out there, and the folks in the developing countries don't mind helping out because they don't have much money and are pretty desperate, and to be honest, they don't actually know a lot of the time the scale of the operation they are getting involved in but they probably don't really care.

All the best,

n3td3v

https://groups.google.com/group/n3td3v



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/