Tag Archives: captcha

Time for Yahoo to Close Groups?



It’s another Monday and seems to be another day of inbox Spam. However, I’ve noticed recently how more and more spam groups are being created on Yahoo! and joining me. They basically say the same thing:

I’ve added you to my akljsdfklj group. a free Yahoo! Group to send and receive group messages.

Description: asdflkhasdf

To gain access, click the link…

This is another reason that Yahoo! just doesn’t care about their product. I use Google Groups all the time and don’t get any spam messages like this. Yet, every week I am removing stupid posts like in the image.

Where is the confirmation? I really have to click on a link and tell them this group is spam? Why not have some protocols in place to avoid me getting annoyed like this?

Here are some ideas that anyone running a group website could implement:

1. Multiple fields on form

Make them fill out more information than your name and small description. Make them enter in some contact information. Require a description field to be 20 words or more (not just characters). Have an algorithm determine if the description is jibberish or actually says something.

2. CAPTCHA

It’s annoying, but in a way, it’s meant to be annoying. That way, you know someone is human. Yahoo! does have some CAPTCHA algorithms that they could use in this group. It also kills the bots attempts to register groups.

3. Confirmation

Email confirmation means they have to register an email address first. That might also stop some bots from creating groups.

These are not revolutionary ideas. They have been used before and can be used again. The more we can stop spammers and bots, the less phishing scams and malware can be created. When that happens, people and companies save millions of dollars.

So Yahoo! – If you’re just going to let it continue, then why not shut down YahooGroups and get out of the business. It’s what you’re doing anyway…


CAPTCHA on a Router?



D-Link has created the first router that makes you answer a CAPTCHA word before you can do anything on the router. It’s an interesting idea – you change the IP address, you add a CAPTCHA. It does thwart Bots from breaking into the system, but is it really necessary?

Captcha

CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” – of course it’s that annoying word (or words) you have to enter that is all distorted. You may have to enter it once, you may have to enter it every time you post or change settings. Sometimes CAPTCHA can get really hard to read – there are times you just have to refresh the CAPTCHA because the words are just not legible.

CAPTCHA has been broken, too. Using OCR the bots can read and relay the word. Therefore, the more blurred the word(s), the harder it is to break.

D-Link put out the following statement:

In response to the growing number of these attacks and subsequent user security concerns, D-Link has integrated CAPTCHA – a system, designed to detect whether responses are human or computer-generated – into its popular home and small office routers as an extra safety measure. CAPTCHAs are used to prevent malicious software from performing actions that degrade the quality of service on a network, such as those found in worms, viruses and Trojan horses.

So why CAPTCHA on the router? Well, this is mostly for those that use their routers on more than pushing out wireless access. I have my router set up so I can remote into my main machine if need be. I use the router to collect some data. I also have the router blocking certain things so people cannot do items like download torrents.

Unlike other brands, the majority of D-Link® routers are not as easy to be compromised since our design is proprietary. However, we’re excited to be the first in the market to announce we have taken the initiative to implement CAPTCHA into our routers, thus providing yet another layer of security to our customers,” said AJ Wang, chief technology officer of D-Link. Popular D-Link router models that now feature CAPTCHA include the DIR-615, DIR-625, DIR-628, DIR-655, DIR-825, DIR-855, DIR-685, and DGL-4500.

Design might be proprietary, but it just means it’s more of a challenge for the programmer to break. Then again, @_Good_P@s$w0rd_woRks_a_1ot_b3tter (a good password works a lot better). And believe it or not – a password like the one I just emulated here is just as memorable as “Password1”.

Personally, it’s not a selling point for me. Routers that focus on plugging their security holes and giving you more managability is what I want. Not an annoying word that I might not be able to read.