Attack of the spam bots
Who: Jake Munson
Company: Idaho Power
Website:
Location: Kuna, ID



What is a spam bot?
- Any kind of spam that comes in through web forms.
- Comment spam in blogs
- Feedback forms
- Registration forms

How do spam bots work?
- Automated software
  - Directly attack form processor
  - Cached forms
  - This autosubmitter uses a huge database of forums, guestbooks, wikis and blogs to post messages...its ability to work around most types of 'captchas'.
- Manual spammers
  - Armies of cheap labor

How do you stop them?
- Remove feedback options
- Moderation queues
- CAPTCHA
  - The user has to prove they are human
- Emerging methods
  - Make the spammer prove they aren't a spammer

CAPTCHA
- Completely Automated Public Turing test to tell Computers and Humans Apart
- Please enter the text you see in the image:

The Good
- Can be very effective
- OCR software has difficulty reading the image
- Automated: no moderation is necessary

CAPTCHA in ColdFusion
- Alagad Captcha-
- Lyla Captcha-

CAPTCHA: The Bad
- Accessibility problems
  - Captcha is designed to defeat automated screen readers
  - Blind people use screen readers
- Linux problems
  - Difficult, but not impossible, to run CF based Captchas on headless Linux
- #1 web design rule: "Don't make me think" (Steve Krug)
  - Captcha is designed to make the user think, which is bad for usability
  - Some Captchas are so difficult the user needs to make multiple attempts
- Charlie Arehart discusses making Captcha easier
  - I don't use (Captchas) as a double-key deadbolt lock to keep out intruders, I just use them as a screendoor to keep out random pests

Programmatically Identify Spammers
- Users are innocent until proven guilty.
- Body of Evidence to Prove Innocence
  - Mouse movement
  - Keyboard usage
  - Empty hidden field is empty
  - Normal time to fill out form
  - 1 or less URLs in form contents
  - Form contents are not spammy

Mouse Movement
- Users move mice, spam bots don't

Keyboard Usage
- Users bang on keyboards, spam bots don't

3 More Key Clues
- The evidence is starting to pile up
- Empty hidden field is empty
  - Spammers fill out all fields
- Normal time to fill out form
  - Software is a lot faster than users
- 1 or less URLs in form contents
  - Spammers like to...well, spam
  - Dave Shuck's idea

The Final Straw
- If all else fails, call in the Dream Team
- If you want to use any of these ideas, use Akismet
  - Similar to virus definitions
  - You send form contents to a web service, it returns true or false
  - Compares form contents to vast database of known form spam
  - Community of web developers contributes to database
  - Extremely accurate

If it walks like a duck...
- Users don't do spammy things
- Each test is unreliable by itself
- Many tests together can identify spammers
- CFFormProtect
- Others are doing it
  - Ben Nadel-
- Be creative!
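
Added example, not from the talk and not CFFormProtect's code: a server-side scorer that combines the five local tests from the slides (mouse, keyboard, hidden field, fill time, URL count), so that no single failed test blocks a user. The field names (mouseMoved, keyPressed, website2), the weights and the thresholds are assumptions chosen for illustration.

```javascript
// Assumed weights and limits; tune them against your own form traffic.
const WEIGHTS = { mouse: 1, keyboard: 1, honeypot: 3, timing: 2, urls: 2 };
const SPAM_THRESHOLD = 3;   // score at or above this is treated as spam
const MIN_SECONDS = 5;      // software fills forms faster than users do
const MAX_SECONDS = 3600;   // a cached form replayed much later
const MAX_URLS = 1;         // "1 or less URLs in form contents"

// Count links; "https://www.example.com" is one link, not two.
function countUrls(text) {
  const hits = String(text).match(/\b(?:https?:\/\/|www\.)\S+/gi);
  return hits ? hits.length : 0;
}

// form: submitted fields. renderedAt and now are epoch seconds; renderedAt
// should be the time the server stored when it served the form (for example
// in the session), because a value sent by the client can be edited.
function scoreSubmission(form, renderedAt, now) {
  const failed = [];
  // Set to "1" by client-side script on the first mouse/key event (assumed).
  if (form.mouseMoved !== "1") failed.push("mouse");
  if (form.keyPressed !== "1") failed.push("keyboard");
  // website2 is a hypothetical field hidden with CSS; users leave it empty.
  if ((form.website2 || "") !== "") failed.push("honeypot");
  const elapsed = now - renderedAt;
  if (!(elapsed >= MIN_SECONDS && elapsed <= MAX_SECONDS)) failed.push("timing");
  const body = [form.name, form.email, form.comment].join(" ");
  if (countUrls(body) > MAX_URLS) failed.push("urls");
  const score = failed.reduce((sum, test) => sum + WEIGHTS[test], 0);
  return { score, failed, spam: score >= SPAM_THRESHOLD };
}

// Constructed sample submissions.
const human = { name: "Ann", email: "ann@example.com",
  comment: "Nice post, see https://example.com/a",
  mouseMoved: "1", keyPressed: "1", website2: "" };
// A keyboard-only user (for example with a screen reader) fails one test.
const keyboardOnlyUser = { ...human, mouseMoved: "" };
const bot = { name: "x", email: "x@example.com",
  comment: "http://a.example http://b.example www.c.example",
  mouseMoved: "", keyPressed: "", website2: "http://a.example" };

for (const [label, f, t] of [["human", human, 1042],
    ["keyboard-only", keyboardOnlyUser, 1042], ["bot", bot, 1001]]) {
  console.log(label, JSON.stringify(scoreSubmission(f, 1000, t)));
}
```

The mouse and keyboard flags arrive from the client and can be forged by a bot that knows the field names, which is why they carry the lowest weight here.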

Questions?