Tuesday, 28 April 2009

CAPTCHA me if you can!

Source: F-Secure Weblog

F-Secure has a brief report showing that Russian CAPTCHA cracking services offer a thousand CAPTCHA solutions for $1. These services are used to mass-register CAPTCHA-protected accounts, such as Gmail accounts, for abuse purposes. And, ironically, Google's sponsored links include advertisements for CAPTCHA cracking services when you perform a search for terms like "crack captcha" or "break captcha". So, if Google's CAPTCHA fails to stop abuse, then they are at least getting a slice of the black-hat profits.

Friday, 24 April 2009

Temporal Correlations between Spam and Phishing Websites

Source: Light Blue Touchpaper

Tyler Moore and Richard Clayton of the University of Cambridge have released new research into whether the ongoing availability of a phishing website results in ongoing spam relating to that site. The short answer is yes, meaning that prompt removal of phishing sites is important. Also, phishing seems to be divided into two main groups: "a cottage industry of fairly disorganized phishing attacks", and "a small number of organized gangs who use botnets for hosting, send most of the spam, and are extremely efficient on every measure we consider."

Thursday, 16 April 2009

Glut of Stolen Banking Data Trims Profits for Thieves

Source: Security Fix

"A massive glut in the number of credit and debit cards stolen in data breaches at financial institutions last year has flooded criminal underground markets that trade in this material, driving prices for the illicit goods to the lowest levels seen in years, experts have found."