Re: [Full-disclosure] Inside India’s CAPTCHA Solvin g Economy
On Sunday 31 Aug 2008, n3td3v wrote: > At least its giving hundreds of thousands of poor indians employment, > by paying them to manually create internet accounts for bot net > herders to use. I don't know if thats what the Dancho Danchev blog > post is about because I refuse to read anything by him or Zdnet. This > activity of the bad guys employing poor internet users from > developing countries isn't new. The bad guys, they target the folks > in the developing countries to spend all day signing up web accounts > manually, as they don't need to pay them an awful lot of money to do > it, and they don't need to care about CAPTCHAs, because the poor > citizens of the developing countries are entering the legitimate > CAPTCHA word manually on behalf of the bad guys. There is a whole > industry for it out there, and the folks in the developing countries > don't mind helping out because they don't have much money and are > pretty desperate, and to be honest, they don't actually know a lot of > the time the scale of the operation they are getting involved in but > they probably don't really care. Thank you for the extremely patronising and ill-informed post. I'd suggest the next time you don't have a clue about a region you keep your mouth shut and be thought an idiot, rather than open it and be confirmed as one. -- Raju -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F PsyTrance & Chill: http://schizoid.in/ || It is the mind that moves ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Gustav, domain name reportage
On Sun, 31 Aug 2008 05:23:00 BST, n3td3v said: > 3) If accusations of domain name retailers start appearing in the > press, I don't think the domain name retailers are > going to be too happy, seeing as those customers at this stage haven't > commited any offence. And the actual *damages* would be what, exactly? How much money was lost, or will likely be lost, as a result of this? Remember in your discussion to include the fact that these are all *new* sites still struggling to attract eyeballs - so you can't even claim "Gadi scared off 10% of our eyeballs" because they had *zero* eyeballs last week, so there's no history to compare against Hint: read http://en.wikipedia.org/wiki/Streisand_effect and ask yourself whether the sites in question - all *new* ones that do not have any established users yet - are better off being mentioned or not being mentioned. Gadi just saved them the cost of paying some (probably shady) company to improve their page ranking and getting them some hits... "There's no such thing as bad publicity..." pgpFIMWwMKsn4.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Gustav, domain name reportage
On Sun, Aug 31, 2008 at 5:18 AM, <[EMAIL PROTECTED]> wrote: > On Sun, 31 Aug 2008 05:12:12 BST, n3td3v said: > >> As for domain name retailers being named and shamed on funsec, I would >> be taking legal action at this stage if I was a domain name retailer, > > And your legal reasoning would be, what, exactly? Even under the US's rather > wonky legal system, you usually need to show some sort of actual claim of > damage (or potential damage, if you're looking for a temporary restraining > order). > 1) Often funsec posts start getting used in news journalist articles. 2) Gadi Evron runs the funsec mailing list and he blasts out anything to Nanog thats going to get his name up in lights. 3) If accusations of domain name retailers start appearing in the press, I don't think the domain name retailers are going to be too happy, seeing as those customers at this stage haven't commited any offence. All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Gustav, domain name reportage
On Sun, 31 Aug 2008 05:12:12 BST, n3td3v said: > As for domain name retailers being named and shamed on funsec, I would > be taking legal action at this stage if I was a domain name retailer, And your legal reasoning would be, what, exactly? Even under the US's rather wonky legal system, you usually need to show some sort of actual claim of damage (or potential damage, if you're looking for a temporary restraining order). pgp0JfbGZjHYP.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Gustav, domain name reportage
On Sun, Aug 31, 2008 at 4:38 AM, n3td3v <[EMAIL PROTECTED]> wrote: > All i'm saying is, don't copy these idiots, Marcus Sachs and > Jon.Kibler if you are going to be talking about domain names this > hurricane season, thats the message I want to get out to folks. > > While its probably most likely these domains are malicious, its wrong > to list them, so publically in this fashion until you know 100% what > the reason is for each domain. > > All the best, > > n3td3v > > -- > computer security protection news alert system, keep messages short > for cellular devices. > https://groups.google.com/group/n3td3v > As for domain name retailers being named and shamed on funsec, I would be taking legal action at this stage if I was a domain name retailer, and if that list appeared on the Nanog mailing list BEFORE an offence was commited, as I know attention seekers like Gadi Evron are so tempted to do on Nanog, i'd be kicking up an even bigger fuss about it all. So drive with caution before distributing lists of domain names and web domain companies before actually doing it. If such lists appear on Nanog, a real outcry will happen... thats a message to Gadi Evron, because I know he's going to be tempted to press send to the ISP community, to look like the leader of info sec in the eyes of the ISP / LEO mailing lists. All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Inside India’s CAPTCHA Solvi ng Economy
On Sun, 31 Aug 2008 00:51:50 BST, n3td3v said: > herders to use. I don't know if thats what the Dancho Danchev blog > post is about because I refuse to read anything by him or Zdnet. OK, so you don't know if what we're talking about is what you're talking about, you refuse to find out, but you keep on going anyhow. C M Kornbluth was right. pgpC9Yq9cODUP.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Gustav, domain name reportage
All i'm saying is, don't copy these idiots, Marcus Sachs and Jon.Kibler if you are going to be talking about domain names this hurricane season, thats the message I want to get out to folks. While its probably most likely these domains are malicious, its wrong to list them, so publically in this fashion until you know 100% what the reason is for each domain. All the best, n3td3v -- computer security protection news alert system, keep messages short for cellular devices. https://groups.google.com/group/n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Inside India’s CAPTCHA Solvin g Economy
--On August 31, 2008 2:43:32 AM +0300 Razi Shaban <[EMAIL PROTECTED]> wrote: If nothing else, CAPTCHA is increasing the bad guys' costs of doing business, and that's a good thing. By two dollars per thousand email addresses. Yahoo allows 100 emails per hour. That means that they're spending two dollars to send 2,400,000 emails per day. Sounds pretty expensive to me. Try reading. I never said it made it expensive. I said it *increased* their cost of doing business. Every penny they spend on de-CAPTCHA is one less penny in their pockets. Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer. ** WARNING: Check the headers before replying p7sxDlG2PCA7x.p7s Description: S/MIME cryptographic signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Gustav, domain name reportage
On Sun, Aug 31, 2008 at 2:57 AM, n3td3v <[EMAIL PROTECTED]> wrote: > http://linuxbox.org/pipermail/funsec/2008-August/018318.html > http://isc.sans.org/diary.html?storyid=4954 > > Hi, > > I think its wrong for you to name and shame these domain names, and > specify places people live (funsec), seeing as these folks have done > nothing wrong. > > Guilty until proven innocent, is that how it works in cyber security land? > > Completely out of order... > > All the best, > > n3td3v > > -- > computer security protection news alert system, keep messages short > for cellular devices. > https://groups.google.com/group/n3td3v > * Now talking in #n3td3v [03:11] [Full-disclosure] Gustav, domain name reportage [03:11] http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064132.html [03:15] I don't get your post. [03:16] the past disasters demonstrate the abuse of domains like this. [03:16] yet those domains are only parked domains just now [03:16] no law broken [03:17] dshield is just being proactive. [03:17] it could even be the government or a security company etc buying the domains so they can't be bought [03:17] that's what I suggested earlier to do. [03:18] so why name and shame and then the funsec post starts posting where people live [03:18] completely outragous when technically nothing has been done wrong (yet) [03:18] they just put cities.. not people's names. [03:19] its bad enough [03:19] the scumbags are just waiting for the storm to hit. [03:19] even you're calling them scumbags before you even know the reason for the domains [03:19] What other reason would there be? [03:19] technically you shouldn't do it until something has been commited [03:20] Innocent until proven guilty only applies in law/courts. I can call them whatever I want. [03:20] and then i call you a twat [03:20] sorry [03:20] its not very professional [03:21] to name and shame before an fofence has been commited [03:21] You actually think these will be legitimate sites? [03:21] offence* [03:21] its not for me or anyone else to judge until something actually happens, and certainly not put on a high profile sans diary [03:22] maybe on backchannels and in private [03:22] but not so publically [03:22] until an offence is commited [03:22] once an offence is commited, shout to the hills about it [03:23] by then 5 million spam mails are already sitting in people's inboxes. [03:23] so you're saying these domains should be cancelled? [03:23] no. [03:23] what the fuck! [03:23] I'm saying they should be closely watched. [03:24] but not talked about on a sans diary or published on funsec until something happens [03:24] This is the information gathering phase. It's too late to start that after the storm hits. [03:25] information gather in private until someone does something wrong [03:27] can i put this transcript on f-d? [03:28] ok [03:28] What value will it add there? [03:28] you don't care? [03:30] brb, i'm going to post... [03:30] no [03:30] your nickname will come up on google [03:30] ok [03:31] brb then... i'm going to post ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Gustav, domain name reportage
http://linuxbox.org/pipermail/funsec/2008-August/018318.html http://isc.sans.org/diary.html?storyid=4954 Hi, I think its wrong for you to name and shame these domain names, and specify places people live (funsec), seeing as these folks have done nothing wrong. Guilty until proven innocent, is that how it works in cyber security land? Completely out of order... All the best, n3td3v -- computer security protection news alert system, keep messages short for cellular devices. https://groups.google.com/group/n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [PLSA 2008-33] [UPDATED] Opensc: Security Bypass
Pardus Linux Security Advisory 2008-33[EMAIL PROTECTED] Date: 2008-08-31 Severity: 2 Type: Remote Summary === [UPDATE]: Last security update with OpenSC 0.11.5 had a small glitch due to a strict check, so this version fixes that issue. A security issue has been reported in OpenSC, which can be exploited by malicious people to bypass certain security restrictions. Description === The security issue is caused due to the application improperly setting the ADMIN file control information to "00" while initializing smart cards having a Siemens CardOS M4 operating system. This can be exploited to change a user PIN code without having the PIN or PUK if the smart card was initialized with OpenSC. Affected packages: Pardus 2008: opensc, all before 0.11.6-7-2 Resolution == There are update(s) for opensc. You can update them via Package Manager or with a single command from console: pisi up opensc References == * http://bugs.pardus.org.tr/show_bug.cgi?id=8066 * http://permalink.gmane.org/gmane.comp.security.oss.general/863 * http://www.opensc-project.org/pipermail/opensc-announce/2008-July/20.html * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2235 * http://secunia.com/advisories/31330 -- Pınar Yanardağ Pardus Security Team http://security.pardus.org.tr ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [PLSA 2008-32] Mono: Cross Site Scripting
Pardus Linux Security Advisory 2008-32[EMAIL PROTECTED] Date: 2008-08-31 Severity: 2 Type: Remote Summary === Juraj Skripsky has reported a vulnerability in Mono, which can be exploited by malicious people to conduct HTTP header injection attacks. Description === The vulnerability is caused due to the Sys.Web module not properly sanitising certain parameters before using them in HTTP responses. This can be exploited to inject arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site. Affected packages: Pardus 2008: mono, all before 1.2.6-17-2 Resolution == There are update(s) for mono. You can update them via Package Manager or with a single command from console: pisi up mono References == * http://bugs.pardus.org.tr/show_bug.cgi?id=8069 * https://bugzilla.novell.com/show_bug.cgi?id=418620 * http://secunia.com/advisories/31643/ -- Pınar Yanardağ Pardus Security Team http://security.pardus.org.tr ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Inside India’s CAPTCHA Solvi ng Economy
I must stress this isn't breaking news, its been going on for years... All the best, n3td3v https://groups.google.com/group/n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Inside India’s CAPTCHA Solvi ng Economy
On Sat, Aug 30, 2008 at 10:35 PM, Paul Schmehl <[EMAIL PROTECTED]> wrote: > --On August 30, 2008 1:57:32 PM -0700 coderman <[EMAIL PROTECTED]> wrote: > >> On Fri, Aug 29, 2008 at 1:08 PM, Dancho Danchev >> <[EMAIL PROTECTED]> wrote: >>> >>> ... Indian workers breaking MySpace and Google >>> CAPTCHAs, >> >> OH MY GOD SIR >> >> someone should make this illegal!!! >> >> (then CAPTCHA would be secure...) >> >> >> *cough* >> > > If nothing else, CAPTCHA is increasing the bad guys' costs of doing > business, and that's a good thing. > At least its giving hundreds of thousands of poor indians employment, by paying them to manually create internet accounts for bot net herders to use. I don't know if thats what the Dancho Danchev blog post is about because I refuse to read anything by him or Zdnet. This activity of the bad guys employing poor internet users from developing countries isn't new. The bad guys, they target the folks in the developing countries to spend all day signing up web accounts manually, as they don't need to pay them an awful lot of money to do it, and they don't need to care about CAPTCHAs, because the poor citizens of the developing countries are entering the legitimate CAPTCHA word manually on behalf of the bad guys. There is a whole industry for it out there, and the folks in the developing countries don't mind helping out because they don't have much money and are pretty desperate, and to be honest, they don't actually know a lot of the time the scale of the operation they are getting involved in but they probably don't really care. All the best, n3td3v https://groups.google.com/group/n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Inside India’s CAPTCHA Solvi ng Economy
> > If nothing else, CAPTCHA is increasing the bad guys' costs of doing > business, and that's a good thing. > By two dollars per thousand email addresses. Yahoo allows 100 emails per hour. That means that they're spending two dollars to send 2,400,000 emails per day. Sounds pretty expensive to me. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Inside India’s CAPTCHA Solvin g Economy
--On August 30, 2008 1:57:32 PM -0700 coderman <[EMAIL PROTECTED]> wrote: On Fri, Aug 29, 2008 at 1:08 PM, Dancho Danchev <[EMAIL PROTECTED]> wrote: ... Indian workers breaking MySpace and Google CAPTCHAs, OH MY GOD SIR someone should make this illegal!!! (then CAPTCHA would be secure...) *cough* If nothing else, CAPTCHA is increasing the bad guys' costs of doing business, and that's a good thing. Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer. ** WARNING: Check the headers before replying p7sdm7l5XtpJ4.p7s Description: S/MIME cryptographic signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Inside India’s CAPTCHA Solvi ng Economy
On Fri, Aug 29, 2008 at 1:08 PM, Dancho Danchev <[EMAIL PROTECTED]> wrote: > ... Indian workers breaking MySpace and Google > CAPTCHAs, OH MY GOD SIR someone should make this illegal!!! (then CAPTCHA would be secure...) *cough* ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [inbox] Honeypot?
The network I monitor was getting scanned by the below IP. It stopped now though :) On 8/30/08 12:02 PM, "Exibar" <[EMAIL PROTECTED]> wrote: > so do you work for Salsoft, or are you trying to break into a machine owned by > them? > > If it's a network you monitor, meaning you have direct responsibility for, > wouldn't you already know if it's a honeypot? > > sounds fishy that you have to ask > > Exibar > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of James Lay > Sent: Saturday, August 30, 2008 1:26 PM > To: Full-disclosure > Subject: [inbox] [Full-disclosure] Honeypot? > > So...one of the networks I monitor has this ip: > > 66.139.73.183 > > Doing netbios scans on it. A cursory inspection shows it as a win2003 > box...that¹s WIDE open. Could this be a honeypot that¹s been compromised? > > Curious ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [inbox] Honeypot?
so do you work for Salsoft, or are you trying to break into a machine owned by them? If it's a network you monitor, meaning you have direct responsibility for, wouldn't you already know if it's a honeypot? sounds fishy that you have to ask Exibar _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Lay Sent: Saturday, August 30, 2008 1:26 PM To: Full-disclosure Subject: [inbox] [Full-disclosure] Honeypot? So...one of the networks I monitor has this ip: 66.139.73.183 Doing netbios scans on it. A cursory inspection shows it as a win2003 box...that's WIDE open. Could this be a honeypot that's been compromised? Curious ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Honeypot?
So...one of the networks I monitor has this ip: 66.139.73.183 Doing netbios scans on it. A cursory inspection shows it as a win2003 box...that¹s WIDE open. Could this be a honeypot that¹s been compromised? Curious ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] hackmeeting: call for participation
The Call for Papers for the Hackmeeting 2008 to be held in Palermo, Sicily is now open. Hackmeeting is the gathering of all the hackers communities spread around Italy since 11 years ago, it's a three-days happening with workshops, speeches, knowledge sharing in the spirit of the “put your hands on” philosophy with a grassroots approach. We gather in a squat called Ask, from the 26th to the 28th Sept. We stand for free speech and free access to technologies. You can refer to our website for details (www.hackmeeting.org) and to our mailing list ([EMAIL PROTECTED]) for discussions. We accept submissions both in English and Italian. This year's Italian events, like the change of the Italian government, repressive acts like the widespread wiretapping practice, and military presence for police-like duties on the urban territory makes us even more needy of an act towards free speech, against media control, encouraging the development and use (in a word: the culture) of technological tools for this purpose. On the other side, the lack of a fully mature technological consciousness has led Italy to big problems with waste management. We would like to contribute to this need for technological wisdom, speaking about sustainable computing and trashware, and spreading the consciousness about technological limits. We'll accept any submission that arrives by the 20th of sept for the official schedule, but it is neither rare nor surprising to see people organizing spontaneously in any corner of the meeting space for any kind of hacking activity. Anyone is free to bring what they would like to find, and to enjoy this three-days experience among hackers. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Inside India’s CAPTCHA Solvi ng Economy
Hello, The following article aims to expose a booming CAPTCHA solving economy in India, employing thousands of legitimate data processing workers, whose business model is already being abused by cybercriminals paying pocket money for using it : "Let's analyze the shady data processing economy of India, discuss exclusive photos of Indian workers breaking MySpace and Google CAPTCHAs, and take a tour inside the web applications of several Bangladesh based franchises, whose team of almost 1,000 international workers is actively soliciting deals for breaking Craigslist, Gmail, Yahoo, MySpace, YouTube and Facebook's CAPTCHA, promising to deliver 250k solved CAPTCHAs per day on a "$2 for a 1000 solved CAPTCHAs" rate. One of the services in question is the India based decaptcher.com, which will allow you to retrieve its API once you putIndia CAPTCHA breakers money in their PayPal account." http://blogs.zdnet.com/security/?p=1835 Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://blogs.zdnet.com/security http://windowsecurity.com/Dancho_Danchev ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
