
Auto reality check compromise increases spam from major e-mail services.

Fortify : 24 January, 2008  (Technical Article)
A compromise of e-mail service sign-up technology has allowed spammers to sign up for Yahoo, Google and Hotmail accounts, generating a surge in spam from these domains, warns Fortify.
Fortify Software has warned Internet email users to check the integrity of messages from free Web email services such as Google, Hotmail and others, after Yahoo's CAPTCHA sign-up technology was compromised.

'CAPTCHA - Completely Automated Public Turing test to tell Computers and Humans Apart - technology is used by a growing number of Web portals offering free email facilities to prevent the automated creation of sign-on accounts,' said Brian Chess, Fortify Software's founder and chief scientist. CAPTCHA technology shows contorted images of letters and numbers that only humans can identify when signing up for an email service, which prevents automated registrations from nefarious sources.

'Any free email service that is using the CAPTCHA system - or a similar approach to prevent automated sign-ups - is engaged in a never-ending arms race with its attackers,' he added.

According to Chess, the free email services are fighting something of a losing battle. As decoding software gets better, he notes that the good guys have to further contort the CAPTCHA images, and that makes life harder for legitimate users.

'The fact that the CAPTCHA technology has been compromised and can be even partially beaten by automated scripts means that anyone receiving email from a free mail service domain needs to take extra care and examine exactly who the message is coming from, to prevent any fancy footwork by hackers causing problems,' he explained.

Chess went on to say that, using automated scripts, hackers can now create a series of free email addresses centering, for example, around a major software vendor's name and generate requests for personal information or money.

It's not all doom and gloom with the free email services, however, as Chess says that Yahoo has plenty of other behind-the-scenes mechanisms for identifying spam accounts.

'I don't expect this crack will leave them wide open. They've been through this before. They have good defence in depth on this front,' he said, adding that, hopefully, Yahoo isn't about to lay off anyone on its security team just yet, referring to rumours that Yahoo! will lay off its staff.