The author (Gadi Evron) blogs on the Securiteam's website about what he has named to be a 'Reverse CAPTCHA'! The author in this blog states that images used in spam can be called a 'Reverse CAPTCHA'.
There are some problems in using this terminology!
The definition of a CAPTCHA by the CMU team is thus:
====
A CAPTCHA is a program that can generate and grade tests that most humans can pass, but current computer programs can't pass.
====
Somehow the tests such programs generate has also got the name 'CAPTCHA'. We shall accept such a nomenclature. Thus the distorted letters that we see and try to recognize have also been called CAPTCHAs.
CAPTCHAs are a kind of 'Reverse Turing Tests' (RTT), this is also noted in the Securiteam Blog.
Thus then, is a 'Reverse CAPTCHA' a 'reverse-reverse-Turing test' == 'Turing test'?
Turing Test -> (reversed) --> CAPTCHA
CAPTCHA -> (reversed) --> Turing Tests
No, the author rightly mentions that, his definition of a 'reverse CAPTCHA' is based only on the intent. CAPTCHAs were designed to stop the bad guys and allow the good guys, while image based spam uses the same concept to allow the bad things in.
The reversal in this case is only in the intent. Calling that a 'reverse CAPTCHA' is not the right thing causes it only confuses and muddles up the terminology.
Image based Spam is also an example of a CAPTCHA. Humans can pass it while machines can not. It is just an abuse of the original concept of CAPTCHA.
,
,
Monday, November 20, 2006
Sunday, November 19, 2006
Google, Worms and CAPTCHAs
At the recently held WORM 2006 workshop, Niels Provos (Google) in his presentation, informed us that CAPTCHAs were used by Google in preventing worm attacks.
Some worms (I don't recollect the details and don't have my notes handy now) use Google to search for email addresses to mail themselves to. Google used CAPTCHAs to prevent such automated web attacks.
Will update this post with more details soon.
UPDATE 4/29/2007:
Found the details. It was the Slaty Worm against which CAPTCHAs were used by the Google team. The research paper detailing this is titled "Search Worms".
, ,
Some worms (I don't recollect the details and don't have my notes handy now) use Google to search for email addresses to mail themselves to. Google used CAPTCHAs to prevent such automated web attacks.
Will update this post with more details soon.
UPDATE 4/29/2007:
Found the details. It was the Slaty Worm against which CAPTCHAs were used by the Google team. The research paper detailing this is titled "Search Worms".
, ,
Technology Watch - Google Checkout
This holiday season, you would have noticed at websites, the offer of $10 off if one paid for the merchandise using 'Google Checkout'.
I was curious about it and clicked that extra link to know more about the service. Google is trying to make inroads into the web payment business.
Using 'Google Checkout', the customer pays the merchant through Google. Google stores the transaction information, the credit card details and forwards money to the vendor.
Advantages:
* One account for all the monetary transactions
* No more reliance on the vendor to keep the credit card details safely (we can surely assume that Google will do a better job of keeping the details safe)
Disadvantages:
* One more level of invasion of privacy by google. Google will now be able to keep tab on what one buys apart from all the information it already knows about us.
* Further helps Google to become one big company which wants to control everything
, ,
I was curious about it and clicked that extra link to know more about the service. Google is trying to make inroads into the web payment business.
Using 'Google Checkout', the customer pays the merchant through Google. Google stores the transaction information, the credit card details and forwards money to the vendor.
Advantages:
* One account for all the monetary transactions
* No more reliance on the vendor to keep the credit card details safely (we can surely assume that Google will do a better job of keeping the details safe)
Disadvantages:
* One more level of invasion of privacy by google. Google will now be able to keep tab on what one buys apart from all the information it already knows about us.
* Further helps Google to become one big company which wants to control everything
, ,
Technology Watch - Yahoo email and maps
Yahoo is doing pretty well IMHO in providing competition to Google's gmail. I was able to check their latest feature in Yahoomail today.
I received an email with an address in it. Yahoo recognized the lines which had the address and with a click of the mouse allowed me to see it on their new Yahoo maps. Not only that, in the same map page, I could type in the starting location and Yahoo would give me the driving directions.
Pretty neat !!
And if you receive a phone number in the email, Yahoo also allows you to save the number in your contacts list.
, ,
I received an email with an address in it. Yahoo recognized the lines which had the address and with a click of the mouse allowed me to see it on their new Yahoo maps. Not only that, in the same map page, I could type in the starting location and Yahoo would give me the driving directions.
Pretty neat !!
And if you receive a phone number in the email, Yahoo also allows you to save the number in your contacts list.
, ,
Wednesday, November 15, 2006
Spam and Wikipedia
If you read the post prior to this, you would know about the strange error message that I got on Samspade.org.
This was the strange error message:
============
ERROR: Unable to connect to for Content-Type: multipart/alternative; boundary=f8a38150b440dab4e5aa41b8e373d75a X-Mailer: Mozilla 4.78 [en] (WinNT; U) Subject: mushrooms have more cc: fioday@aol.com cc: lacutepoet@aol.com cc: k0enig@aol.com cc: misstress22@aol.com cc: livvybird@aol.com cc: dinotto2@aol.com cc: catrice351@aol.com cc: sportstar3tk@aol.com This is a multi-part message in MIME format. --f8a38150b440dab4e5aa41b8e373d75a Content-Transfer-Encoding: quoted-printable Content-Type: text/plain pickle cured and coated in yellow cornmeal. his variation is also known as = peameal bacon, because in times past a mixture of ground yellow peas was us= ed for coating to improve curing --f8a38150b440dab4e5aa41b8e373d75a-- . for 70.167.151.46 ... Aborting
============
What did I do next? The very very obvious, I googled for the following sentence (without the quotes) "plain pickle cured and coated in yellow cornmeal. his variation is also known as".
The first hit was Wikipedia ! This Wikipedia article on Bacon has the exact sentence.
The other hits are also quite interesting. For instance on this site http://www.typotect.com/a/pix/pix-Pages/images.php?id=0 a similar piece of text appears. It appears as comment spam and the text is:
============
posted by: dry Content-Transfer-Encoding: quoted-printable X-Grocery: 00637cad6139c633d2962282ef73ea86 Content-Type: text/plain X-Mailer: Eudora [Macintosh version 6.0a15] Subject: the ham in a brine to: jimmydy2j@aol.com to: print4u2@aol.com to: sndbutler02@aol.com to: gantwo@aol.com to: mpcbfamily@aol.com to: iynchwise@aol.com has been sweet pickle cured and coated in yellow cornmeal. his variation is= also known as peameal bacon, because in times past a mixture of ground yel= low .he9808@typotect.com
============
On this site http://www.joesportsfan.com/column.php?storyid=102
we again see comment spam, the text being:
============
Posted By t8241@joesportsfan.com :: September 14, 2006 @ 12:06:07 AM
often
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution/1.0-5mdk
Content-Type: text/plain
Moked: 62f25a15e7aef27d13ad6ff229dbddd6
Subject: curing suitable
bcc: marciec67@yahoo.com
bcc: hazeltwinkle19@yahoo.com
bcc: ltcaohf@yahoo.com
bcc: michaelbutch@yahoo.com
bcc: bluedog420@yahoo.com
bcc: iynchwise@aol.com
bcc: jpjones@yahoo.com
bcc: maromar@lycos.com
bcc: dbanks@qwest.net
bcc: parchment@yahoo.com
bcc: titsnhips215@marten.com
anada, where it is simply called back bacon, or peameal bacon. n anada,
anadian bacon is traditionally unsmoked back bacon that has been sweet
pickle cured and coated in yellow cornmeal. his variation is also known as
peameal bacon, because in times past a mixture
============
We have seen very recently how spam messages were making use of English classic texts to pass through Spam filters.
Question Time:
* Is this attempt of using text from Wikipedia along the same lines?
* Why is email spam being seen in comment fields?
* Why is Samspade displaying email spam?
, ,
This was the strange error message:
============
ERROR: Unable to connect to for Content-Type: multipart/alternative; boundary=f8a38150b440dab4e5aa41b8e373d75a X-Mailer: Mozilla 4.78 [en] (WinNT; U) Subject: mushrooms have more cc: fioday@aol.com cc: lacutepoet@aol.com cc: k0enig@aol.com cc: misstress22@aol.com cc: livvybird@aol.com cc: dinotto2@aol.com cc: catrice351@aol.com cc: sportstar3tk@aol.com This is a multi-part message in MIME format. --f8a38150b440dab4e5aa41b8e373d75a Content-Transfer-Encoding: quoted-printable Content-Type: text/plain pickle cured and coated in yellow cornmeal. his variation is also known as = peameal bacon, because in times past a mixture of ground yellow peas was us= ed for coating to improve curing --f8a38150b440dab4e5aa41b8e373d75a-- . for 70.167.151.46 ... Aborting
============
What did I do next? The very very obvious, I googled for the following sentence (without the quotes) "plain pickle cured and coated in yellow cornmeal. his variation is also known as".
The first hit was Wikipedia ! This Wikipedia article on Bacon has the exact sentence.
The other hits are also quite interesting. For instance on this site http://www.typotect.com/a/pix/pix-Pages/images.php?id=0 a similar piece of text appears. It appears as comment spam and the text is:
============
posted by: dry Content-Transfer-Encoding: quoted-printable X-Grocery: 00637cad6139c633d2962282ef73ea86 Content-Type: text/plain X-Mailer: Eudora [Macintosh version 6.0a15] Subject: the ham in a brine to: jimmydy2j@aol.com to: print4u2@aol.com to: sndbutler02@aol.com to: gantwo@aol.com to: mpcbfamily@aol.com to: iynchwise@aol.com has been sweet pickle cured and coated in yellow cornmeal. his variation is= also known as peameal bacon, because in times past a mixture of ground yel= low .he9808@typotect.com
============
On this site http://www.joesportsfan.com/column.php?storyid=102
we again see comment spam, the text being:
============
Posted By t8241@joesportsfan.com :: September 14, 2006 @ 12:06:07 AM
often
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution/1.0-5mdk
Content-Type: text/plain
Moked: 62f25a15e7aef27d13ad6ff229dbddd6
Subject: curing suitable
bcc: marciec67@yahoo.com
bcc: hazeltwinkle19@yahoo.com
bcc: ltcaohf@yahoo.com
bcc: michaelbutch@yahoo.com
bcc: bluedog420@yahoo.com
bcc: iynchwise@aol.com
bcc: jpjones@yahoo.com
bcc: maromar@lycos.com
bcc: dbanks@qwest.net
bcc: parchment@yahoo.com
bcc: titsnhips215@marten.com
anada, where it is simply called back bacon, or peameal bacon. n anada,
anadian bacon is traditionally unsmoked back bacon that has been sweet
pickle cured and coated in yellow cornmeal. his variation is also known as
peameal bacon, because in times past a mixture
============
We have seen very recently how spam messages were making use of English classic texts to pass through Spam filters.
Question Time:
* Is this attempt of using text from Wikipedia along the same lines?
* Why is email spam being seen in comment fields?
* Why is Samspade displaying email spam?
, ,
Samspade Problems
I wonder if I am a good story teller. I hope I am, 'cause I am going to tell you one.
Late evening today, when I was too tired to do any technical work, I was browsing around the web when a firewall alert, alerted me to the fact that my web browser wanted to accept connections from 70.167.151.46:5004.
That having piqued my curiosity, I immediately proceeded to www.samspade.org to find more about this IP address. It is another story that this IP address belongs to Cox Communications and that I still have no clue why my browser wished to connect to it.
At Spamspade.org another story was unfolding. As you might know the site has been experiencing some difficulties lately. It was down for some time and then came up with limited functionality.
I was quite surprised to note that my query for the IP address lead to a strange error message from Samspade. The error message being:
============
============
I went back to their main page and again ran the query which again resulted in the same error message. I happened to notice that although I was querying for the 70.167.151.46 IP address, the results page on Samspade would have a different IP address in the title.
This can be seen in the image below.
I ran the query 3-4 times and every time I would get the strange error message and the title varied as follows:
Whois tr12g05.aset.psu.edu
Whois mailgate5.sitestar.net
Some sanity returned and now I started receiving an error message:
============
"ERROR: Unable to connect to this7587@samspade.org for 70.167.151.46 ... Aborting ..."
============
while the title on the results page varied as follows:
Whois 74.6.74.44
Whois 205.188.116.139
Whois 72.236.205.249
Whois 72.236.205.249
Whois 70.167.151.46
You would note that the last title in the list is the right one and that is what should have been displayed right from the beginning.
Wonder what is going on with Samspade ?
============
PS: Due to some bug in Blogger, after the first usage of any html tag, the line spacing goes for a toss. Thus after the first time I used the blockquote tag, the line spacing went for a toss and did not default back! bugs...
, ,
Late evening today, when I was too tired to do any technical work, I was browsing around the web when a firewall alert, alerted me to the fact that my web browser wanted to accept connections from 70.167.151.46:5004.
That having piqued my curiosity, I immediately proceeded to www.samspade.org to find more about this IP address. It is another story that this IP address belongs to Cox Communications and that I still have no clue why my browser wished to connect to it.
At Spamspade.org another story was unfolding. As you might know the site has been experiencing some difficulties lately. It was down for some time and then came up with limited functionality.
I was quite surprised to note that my query for the IP address lead to a strange error message from Samspade. The error message being:
============
"ERROR: Unable to connect to for Content-Type: multipart/alternative; boundary=f8a38150b440dab4e5aa41b8e373d75a X-Mailer: Mozilla 4.78 [en] (WinNT; U) Subject: mushrooms have more cc: fioday@aol.com cc: lacutepoet@aol.com cc: k0enig@aol.com cc: misstress22@aol.com cc: livvybird@aol.com cc: dinotto2@aol.com cc: catrice351@aol.com cc: sportstar3tk@aol.com This is a multi-part message in MIME format. --f8a38150b440dab4e5aa41b8e373d75a Content-Transfer-Encoding: quoted-printable Content-Type: text/plain pickle cured and coated in yellow cornmeal. his variation is also known as = peameal bacon, because in times past a mixture of ground yellow peas was us= ed for coating to improve curing --f8a38150b440dab4e5aa41b8e373d75a-- . for 70.167.151.46 ... Aborting"
============
I went back to their main page and again ran the query which again resulted in the same error message. I happened to notice that although I was querying for the 70.167.151.46 IP address, the results page on Samspade would have a different IP address in the title.
This can be seen in the image below.
I ran the query 3-4 times and every time I would get the strange error message and the title varied as follows:
Whois tr12g05.aset.psu.edu
Whois mailgate5.sitestar.net
Some sanity returned and now I started receiving an error message:
============
"ERROR: Unable to connect to this7587@samspade.org for 70.167.151.46 ... Aborting ..."
============
while the title on the results page varied as follows:
Whois 74.6.74.44
Whois 205.188.116.139
Whois 72.236.205.249
Whois 72.236.205.249
Whois 70.167.151.46
You would note that the last title in the list is the right one and that is what should have been displayed right from the beginning.
Wonder what is going on with Samspade ?
============
PS: Due to some bug in Blogger, after the first usage of any html tag, the line spacing goes for a toss. Thus after the first time I used the blockquote tag, the line spacing went for a toss and did not default back! bugs...
, ,
Wednesday, November 08, 2006
Fountain Pens
Not many use a fountain pen these days, at least not for daily writing.
I found this great web site which had a lot of suggestions and advice.
, ,
I found this great web site which had a lot of suggestions and advice.
, ,
CAPTCHAs at Internet Storm Center
ISC ran a story titled 'Form Spam: Increasing the Attacker's work function'
To deal with spam they implemented a CAPTCHA. This was some home made CAPTCHA solution. They report that this led to a decrease in the number of submissions:
Kinda interesting to note that the highly-technical geeky chaps did not want to solve a CAPTCHA !
, ,
To deal with spam they implemented a CAPTCHA. This was some home made CAPTCHA solution. They report that this led to a decrease in the number of submissions:
Our somewhat ugly home made captcha solution caused submissions to drop by about 30%, which wasn't acceptable.
Kinda interesting to note that the highly-technical geeky chaps did not want to solve a CAPTCHA !
, ,
Tuesday, November 07, 2006
Turn Indicator Colour
Simple Question:
what is the best colour for the turn indicator on vehicles?
I was used to seeing vehicles which had orange coloured lights for turn indicators and red coloured lights for brake light and tail light.
But now I see and get irritated by turn indicators which are ALSO red in colour! Isn't it better not to confuse the driver behind and simply keep the colours separate?
Worse than this is, the concept of using the brake light itself as a turn indicator!!! At least once I almost FAILED to notice that the car in front of me was signaling to turn since in that car, one of the brake lights turns into a flashing light (to indicate the 'turn') while the other remains a solid red.
I am not sure how much research has gone into this GREAT IDEA!!!!!!
, ,
what is the best colour for the turn indicator on vehicles?
I was used to seeing vehicles which had orange coloured lights for turn indicators and red coloured lights for brake light and tail light.
But now I see and get irritated by turn indicators which are ALSO red in colour! Isn't it better not to confuse the driver behind and simply keep the colours separate?
Worse than this is, the concept of using the brake light itself as a turn indicator!!! At least once I almost FAILED to notice that the car in front of me was signaling to turn since in that car, one of the brake lights turns into a flashing light (to indicate the 'turn') while the other remains a solid red.
I am not sure how much research has gone into this GREAT IDEA!!!!!!
, ,
Borat, Borat, boRAT
You must see the movie "Borat: Cultural Learnings of America for Make Benefit Glorious Nation of Kazakhstan". It is really really hilarious like all the millions of zillions of people are saying about it.
The theater I went to, had the audience laughing almost throughout the movie. Some people were laughing out so much that they started stamping their feet on the ground!! Claps would be heard every now and then from segments of the crowd. A must-watch movie to get great laughs.
The Question: How many of the people in the movie knew that this was for a movie?
A lot of websites are following up on this question. A good source for answers is "The Real Stories behind Borat". This site has collected various local news articles which report on the reactions of the people who were duped into being part of the shot.
Yes, duped is the word. Most of them reportedly had not read the fine print of the consent forms they hurriedly signed. There is also speculation on the internet that one of them will definitely sue the actor and his team.
About whether there was a script or not, this MTV article has this to say:
Surely the whole shooting would have had a lot of hiccups. The team had a lot of problems with the law enforcement authorities reports the same MTV article:
, ,
The theater I went to, had the audience laughing almost throughout the movie. Some people were laughing out so much that they started stamping their feet on the ground!! Claps would be heard every now and then from segments of the crowd. A must-watch movie to get great laughs.
The Question: How many of the people in the movie knew that this was for a movie?
A lot of websites are following up on this question. A good source for answers is "The Real Stories behind Borat". This site has collected various local news articles which report on the reactions of the people who were duped into being part of the shot.
Yes, duped is the word. Most of them reportedly had not read the fine print of the consent forms they hurriedly signed. There is also speculation on the internet that one of them will definitely sue the actor and his team.
About whether there was a script or not, this MTV article has this to say:
"There was no script. The movie is an experiment — a new form of filmmaking for an age in which reality and entertainment have become increasingly intertwined. Real events with real people push the film's fictional story, and when scenes played out in unexpected ways, Baron Cohen and his colleagues had to rewrite the outline."
Surely the whole shooting would have had a lot of hiccups. The team had a lot of problems with the law enforcement authorities reports the same MTV article:
In real life, the legally questionable activities of Baron Cohen and his colleagues often attracted the attention of local authorities. A warrant was issued for the actor's arrest in New York, and Baron Cohen was advised by police to leave the state when he tried to secure a room in a fancy hotel while his underwear was hanging out of his pants. Through it all, the actor remained in character as Borat - even when the Secret Service detained him outside the White House.
, ,
Subscribe to:
Posts (Atom)
Posts
