Re: RE: [Asrg] 2. C/R - Exploits
"Jon Kyme" <jrk@merseymail.com> Tue, 03 February 2004 17:06 UTC
Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA18635 for <asrg-archive@odin.ietf.org>; Tue, 3 Feb 2004 12:06:56 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Ao40K-0000Ni-S7 for asrg-archive@odin.ietf.org; Tue, 03 Feb 2004 12:06:28 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i13H6Sv8001460 for asrg-archive@odin.ietf.org; Tue, 3 Feb 2004 12:06:28 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Ao40K-0000NT-Le for asrg-web-archive@optimus.ietf.org; Tue, 03 Feb 2004 12:06:28 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA18565 for <asrg-web-archive@ietf.org>; Tue, 3 Feb 2004 12:06:25 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Ao40J-0000qP-00 for asrg-web-archive@ietf.org; Tue, 03 Feb 2004 12:06:27 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Ao3zO-0000i2-00 for asrg-web-archive@ietf.org; Tue, 03 Feb 2004 12:05:30 -0500
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1Ao3yR-0000Y7-00 for asrg-web-archive@ietf.org; Tue, 03 Feb 2004 12:04:31 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Ao3wz-0008NX-4G; Tue, 03 Feb 2004 12:03:01 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Ao3wf-0008Kg-9a for asrg@optimus.ietf.org; Tue, 03 Feb 2004 12:02:41 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA18250 for <asrg@ietf.org>; Tue, 3 Feb 2004 12:02:38 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Ao3we-0000Jr-00 for asrg@ietf.org; Tue, 03 Feb 2004 12:02:40 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Ao3ve-0000E0-00 for asrg@ietf.org; Tue, 03 Feb 2004 12:01:39 -0500
Received: from argon.connectinternetsolutions.com ([193.110.243.33] helo=argon.connect.org.uk) by ietf-mx with esmtp (Exim 4.12) id 1Ao3vN-00008G-00 for asrg@ietf.org; Tue, 03 Feb 2004 12:01:21 -0500
Received: from mmail by argon.connect.org.uk with local (connectmail/exim) id 1Ao3vH-00017l-SY for asrg@ietf.org; Tue, 03 Feb 2004 17:01:15 +0000
In-Reply-To: <006201c3ea6f$d25b15c0$6401a8c0@sohonotebook>
Subject: Re: RE: [Asrg] 2. C/R - Exploits
To: ASRG <asrg@ietf.org>
From: Jon Kyme <jrk@merseymail.com>
X-Mailer: [ConnectMail 3.10.1]
X-connectmail-Originating-IP: 172.25.243.3
Message-Id: <E1Ao3vH-00017l-SY@argon.connect.org.uk>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Tue, 03 Feb 2004 17:01:15 +0000
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL, HTML_MESSAGE autolearn=no version=2.60
> > I'd be mildly interested to better understand the CRI exploits: > http://www.ietf.org/internet-drafts/draft-irtf-asrg-cri-00.txt > > > This document expires next month...there has been little to no > discussion nor interest of this draft (nor any others which I have > seen). We are a research group that is to produce research for the IETF > rather than merely exchange ideas. Not specifically C/R - but following on from a previous thread, I'm trying to track down the "porn-pay" CAPTCHA exploit. I had a prompt and helpful response from Byron Spice, I'm hoping to hear back from Luis von Ahn at CMU. Greg Mori of UC Berkeley Computer Vision Group has some pages oulining a method used to break Gimpy, the CAPTCHA used at Yahoo! http://www.cs.berkeley.edu/~mori/ I would guess the CRI draft needs some revision, <strike>consent</strike> at least :-) -- _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- [Asrg] 2. C/R - Exploits for CAPTCHAs Yakov Shafranovich
- Re: [Asrg] Its all over for Challenge Response Philip Miller
- Re: [Asrg] 2. C/R - Exploits for CAPTCHAs Jon Kyme
- Re: [Asrg] Its all over for Challenge Response Art Pollard
- RE: [Asrg] Its all over for Challenge Response Eric Dean
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- RE: [Asrg] Its all over for Challenge Response Eric Dean
- Re: [Asrg] Its all over for Challenge Response Paul Tenny
- Re: [Asrg] Its all over for Challenge Response Alan DeKok
- Re: [Asrg] Its all over for Challenge Response Paul Tenny
- Re: [Asrg] Its all over for Challenge Response Seth Breidbart
- Re: [Asrg] Its all over for Challenge Response Jon Kyme
- Re: [Asrg] Its all over for Challenge Response Brett Watson
- Re: [Asrg] Its all over for Challenge Response Walter Dnes
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- [Asrg] 2. C/R - Exploits Yakov Shafranovich
- Re: [Asrg] 2. C/R - Exploits Jon Kyme
- RE: [Asrg] 2. C/R - Exploits Eric Dean
- Re: RE: [Asrg] 2. C/R - Exploits Jon Kyme
- Re: [Asrg] Its all over for Challenge Response Walter Dnes
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- RE: [Asrg] Its all over for Challenge Response Andreas Saurwein
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- Re: [Asrg] Its all over for Challenge Response Seth Breidbart
- RE: [Asrg] Its all over for Challenge Response Chris
- Re: [Asrg] Its all over for Challenge Response Philip Miller
- Re: [Asrg] Spooked mail addresses David Maxwell
- RE: [Asrg] Its all over for Challenge Response Andreas Saurwein
- Re: [Asrg] Its all over for Challenge Response Andreas Saurwein
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- RE: [Asrg] Its all over for Challenge Response Andreas Saurwein
- RE: [Asrg] Its all over for Challenge Response Eric D. Williams
- Re: [Asrg] Its all over for Challenge Response Seth Breidbart
- Re: [Asrg] Its all over for Challenge Response Andreas Saurwein
- RE: [Asrg] Its all over for Challenge Response Mark Baugher
- RE: [Asrg] Its all over for Challenge Response Chris
- [Asrg] Spooked mail addresses Christopher Bird
- Re: [Asrg] Spooked mail addresses Alan DeKok
- RE: [Asrg] Its all over for Challenge Response Andreas Saurwein
- Re: [Asrg] Its all over for Challenge Response Paul Tenny
- 1a Inventory of Problems - Re: [Asrg] Spooked mai… Bart Schaefer
- Re: [Asrg] Spooked mail addresses Peter Sergeant
- [Asrg] Re: 2. C/R - Exploits Jon Kyme
- Re: [Asrg] Spooked mail addresses Peter Sergeant
- Re: [Asrg] Spooked mail addresses Peter Sergeant
- Re: [Asrg] Spooked mail addresses Jon Kyme
- Re: [Asrg] Spooked mail addresses David Maxwell
- Re: [Asrg] Spooked mail addresses George Schlossnagle
- Re: [Asrg] Spooked mail addresses Harry Tabak
- Re: [Asrg] Spooked mail addresses Peter Sergeant
- Re: [Asrg] Spooked mail addresses Mark Foster
- Re: [Asrg] Spooked mail addresses Za'mbori, Zolta'n
- Re: [Asrg] Spooked mail addresses David Maxwell
- [Asrg] 3a. Requirements - User Needs Yakov Shafranovich
- Re: [Asrg] Spooked mail addresses Seth Breidbart
- RE: [Asrg] Its all over for Challenge Response Bob Atkinson
- RE: [Asrg] Its all over for Challenge Response Eric D. Williams
- Re: [Asrg] Its all over for Challenge Response Seth Breidbart
- RE: [Asrg] Its all over for Challenge Response Bob Atkinson
- Re: [Asrg] Its all over for Challenge Response Roger B.A. Klorese
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- Re: [Asrg] Its all over for Challenge Response Roger B.A. Klorese
- Re: [Asrg] Its all over for Challenge Response Seth Breidbart
- Re: [Asrg] Its all over for Challenge Response Seth Breidbart
- Re: [Asrg] Its all over for Challenge Response Seth Breidbart
- Re: [Asrg] Its all over for Challenge Response Walter Dnes
- Re: [Asrg] Spooked mail addresses Alan DeKok
- Re: [Asrg] Spooked mail addresses Alan DeKok
- Re: [Asrg] Spooked mail addresses Alan DeKok
- Re: [Asrg] Spooked mail addresses Seth Breidbart
- re: [Asrg] Its all over for Challenge Response AccuSpam
- Re: [Asrg] Spooked mail addresses Alan DeKok
- Re: [Asrg] Its all over for Challenge Response Alan DeKok
- Re: [Asrg] Spooked mail addresses Seth Breidbart
- Re: [Asrg] Spooked mail addresses Alan DeKok
- RE: [Asrg] Its all over for Challenge Response Tom Thomson
- RE: [Asrg] Its all over for Challenge Response Tom Thomson
- re: [Asrg] Its all over for Challenge Response AccuSpam
- re: [Asrg] Its all over for Challenge Response Andreas Saurwein
- re: [Asrg] Its all over for Challenge Response AccuSpam
- Re: [Asrg] Spoofed mail addresses; envelope and h… Matthew Elvey
- Re: [Asrg] Spooked mail addresses Alan DeKok
- Re: [Asrg] Its all over for Challenge Response Seth Breidbart
- Re: [Asrg] Its all over for Challenge Response Andreas Saurwein
- Re: [Asrg] Its all over for Challenge Response Alan DeKok
- Re: [Asrg] Its all over for Challenge Response Dave Crocker
- Re: [Asrg] Its all over for Challenge Response Seth Breidbart
- Re: [Asrg] Its all over for Challenge Response Alan DeKok
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- RE: [Asrg] Its all over for Challenge Response Mark Baugher
- Re: [Asrg] Its all over for Challenge Response Yakov Shafranovich
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- Re: [Asrg] Its all over for Challenge Response Yakov Shafranovich
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- RE: [Asrg] Its all over for Challenge Response Mark Baugher
- RE: [Asrg] Its all over for Challenge Response Hallam-Baker, Phillip
- [Asrg] 3b. SMTP Session Verification - STARTTLS Yakov Shafranovich
- RE: [Asrg] Its all over for Challenge Response Mark Baugher
- [Asrg] Re: 3b. SMTP Session Verification - STARTT… Yakov Shafranovich
- Re: [Asrg] Its all over for Challenge Response Alan DeKok
- [Asrg] Re: 3b. SMTP Session Verification - STARTT… Mark Baugher
- [Asrg] Re: 3b. SMTP Session Verification - STARTT… Mark Baugher
- Re: [Asrg] Its all over for Challenge Response Jon Kyme