September 6th, 2006 - Adventures in Engineering — LiveJournal
The wanderings of a modern ronin.

Ben Cantrick
  Date: 2006-09-06 01:55
  Subject:   [MeFi] Pakistan signs peace treaty with Al Qaida, Bush II adm gives Pakistan huge extra aid package.
Public
  Mood:Tac Nuke - DC - Now!
  Music:RAtM - Know Your Enemy

If he is in Pakistan, bin Laden "would not be taken into custody," Major General Shaukat Sultan Khan told ABC News in a telephone interview, "as long as one is being like a peaceful citizen."

The Pakistani military is striking truces with Islamic separatists along the country's border with Afghanistan, freeing Pakistani militants and al-Qaida fighters to join Taliban insurgents battling U.S.-led troops and government forces in Afghanistan..... when the military failed to crush the separatists, the Bush administration agreed to support Pakistan's truce-making efforts and pledged millions of dollars in additional aid.


http://www.metafilter.com/mefi/54536

Parody is absolutely obsoleted by this administration... "Hey, what do you think we should do with Osama, that guy who crashed the planes into the WTC on 9/11?" "Uh, how about, we give the country he's hiding in, who just signed a peace treaty with his terrorist organization, millions of dollars?"


Can I get a "Testify"? Plz?



Ben Cantrick
  Date: 2006-09-06 20:52
  Subject:   A big FU to spammers: Ben's email address goes whitelist.
Public
  Mood:plotting
  Music:Blue Oyster Cult - Veteran of the Psychic Wars

Since I'll soon be getting a new email address for the first time in a decade, I'm thinking about what I can do to avoid spam. I didn't have complete control over web, email and other services at my old ISP, but I will at the new place. I'm planning to go to what I consider close to the ultimate Fuck You to spammers: I'm going to impose a whitelist on my email address and only email addresses on the whitelist will get through.

I don't want to actually prevent legit email from people I didn't previously know from reaching me, though. So I need an error recovery mechanism. The best one I've seen is to send an email back to the rejected address, with the URL of a web page that contains a captcha. The user can load up the page and solve the captcha, and then their email address will be added to the whitelist. This way they only have to go through the trouble once.

Distorted number-letter captchas were broken a few months ago by a researcher. I can't find the Slashdot story, but PWNtcha should be convincing enough. So I think I'd rather use something akin to kitten-auth. You'll basically have to load up a CGI script that will serve an image and a form. The <img=> URL will be a symlink dynamically generated on a random basis at run time, so spam-bots won't be able to read the text in the tag and auto-gen it. If I'm feeling really malicious, I might even put an intentionally fake word as the text in the img tag, and auto-ban any IP address that types in the obviously fake name. There are also a couple other tricks I can apply here that I won't mention in public.

The end result of this, I'm hoping, is that I'll be able to spread my email address far and wide without using any of the obnoxious obfuscation that I've engaged in for the last decade, but the spammers will still get bounces. I'll put the email addresses of everyone I know in the whitelist initially, of course. So hopefully almost nobody who I've ever emailed before will have to do the captcha.

We'll see how it all works out. There's a story on /. today about spammers paying people $0.60/hr to solve captchas. I don't believe I'm clever enough to create a captcha that is solvable only by my friends and no other human beings in the world. Kitten-auth and similar schemes are designed to block bots, not human beings. If they can afford to hire people, I'm sunk. But I suspect they won't go to the trouble to hire a person just to spam me. And of course I can manually delete addresses from the whitelist if they do manage to sneak through once in a while.

Basically, I'm just looking to make their lives hard. See, the spam wars in general are an arms race. The technology on both sides gets continuously more sophisticated, but nobody ever really wins. That said though, I'm more than happy to build and test weapons if I know they're for the good guys. Anything I can do to hurt the spammers is a good thing.

Edit: Looks like ESP-PIX is about as good as I'm going to get for an off the shelf solution. I should probably make my own image and word database though, since the security of the captcha depends on the secrecy of the image and word database. If I want to be really smart, I should make sure none of the images I use are in Google Image Search.

Edit 2: Wanna know why people still spam? How does 3/4 of a million per month sound?
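
The whitelist-plus-challenge flow described in this post, as an added sketch that is not the author's code: unknown senders get a one-time random token for the challenge URL, a correct answer whitelists them, and typing the decoy word planted in the image tag bans the submitting IP. The class name, the retry limit and the sample labels are assumptions made for the example.

```python
import secrets

MAX_TRIES = 3  # assumption: burn a challenge after this many wrong answers


class WhitelistGate:
    """Whitelist with a one-time picture challenge for unknown senders."""

    def __init__(self, whitelist, answer, decoy):
        self.whitelist = {a.lower() for a in whitelist}
        self.answer = answer.lower()  # what the picture really shows
        self.decoy = decoy.lower()    # fake word planted in the img tag
        self.pending = {}             # token -> [sender, wrong answers so far]
        self.banned_ips = set()

    def on_mail(self, sender):
        """Return ('deliver', None) or ('challenge', token for the bounce URL)."""
        sender = sender.lower()
        if sender in self.whitelist:
            return ("deliver", None)
        token = secrets.token_urlsafe(16)  # unguessable, unrelated to the image
        self.pending[token] = [sender, 0]
        return ("challenge", token)

    def on_answer(self, token, ip, typed):
        """Handle a form submission from the challenge page."""
        if ip in self.banned_ips:
            return "banned"
        entry = self.pending.get(token)
        if entry is None:
            return "invalid"  # unknown, already used or burned token
        typed = typed.strip().lower()
        if typed == self.decoy:
            # Only something that scraped the tag text would type this.
            self.banned_ips.add(ip)
            del self.pending[token]
            return "banned"
        if typed == self.answer:
            self.whitelist.add(entry[0])
            del self.pending[token]  # one-time use
            return "whitelisted"
        entry[1] += 1
        if entry[1] >= MAX_TRIES:
            del self.pending[token]
            return "invalid"
        return "retry"
```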