Category Archives: Social Engineering

reCAPTCHA Mailhide Google Dork

25 Jul 2011

I’ve had this one in memory for a while but never used it for anything useful; however, I thought I’d share it with the world rather than keep it to myself. The impact is that a spammer can enumerate what should be hidden e-mail addresses with the aid of CAPTCHA cracking services such as deCAPTCHA.

Google Dork

site:mailhide.recaptcha.net inurl:d?k

You can use this query, or scan the web yourself looking for these URLs. The best defence is to create your own e-mail hiding script, one that is unique to your site; that way spam bots won’t have a clue what they’re looking at.

Spamming users of reCAPTCHA would be a waste of energy; they are very unlikely to succumb to offers of cheap Viagra. However, social engineering attacks would still be viable.
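As an added example of the site-specific hiding script suggested above (this is not the post’s own code and has nothing to do with reCAPTCHA Mailhide), the snippet below encodes an address with a per-site offset and only reassembles the plain address and mailto link in the browser. The names hideEmail, revealEmail, buildMailtoHtml and the SITE_KEY constant are assumptions for this illustration; the sample address is constructed.

```javascript
// Added illustration, not from the original post: a one-off e-mail hiding
// scheme. The point from the post is that an encoding nobody else uses is
// not something a mass-harvesting bot can look up with a single dork.

// Assumed per-site constant: pick your own so the encoding is unique.
const SITE_KEY = 7;

// Encode each character as (code point + key + position), so the hidden
// form contains only digits and dashes and no recognisable "@" or ".".
function hideEmail(address, key = SITE_KEY) {
  return Array.from(address, (ch, i) => (ch.codePointAt(0) + key + i) % 65536).join('-');
}

// Reverse the encoding; positions are needed because the offset varies.
function revealEmail(hidden, key = SITE_KEY) {
  return hidden
    .split('-')
    .map((n, i) => String.fromCodePoint((Number(n) - key - i + 65536) % 65536))
    .join('');
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Build the mailto link only at the moment it is needed (for example in a
// click handler), so the served HTML never carries the plain address.
function buildMailtoHtml(hidden) {
  const addr = revealEmail(hidden);
  const safe = addr.replace(/[&<>"']/g, c => HTML_ESCAPES[c]);
  return `<a href="mailto:${safe}">${safe}</a>`;
}

// Constructed sample address for the round trip.
const HIDDEN = hideEmail('someone@example.com');

if (typeof document === 'undefined') {
  // Running outside a browser: just show the encoded form and its decoding.
  console.log(HIDDEN, '->', revealEmail(HIDDEN));
}
```

In a real page the HIDDEN string would be the only thing embedded in the markup, and buildMailtoHtml would run in an event handler rather than at load time.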

Can Banks Please Stop Doing This?

2 Sep 2010

Bank: Hi, I’m <name> from <bank>, may I speak to Steven Roddis?
Me: Hi, I’m speaking.
Bank: We are doing a survey. To confirm who you are I need to ask you some questions, is that OK?
Me: You’re going to ask me questions that only <bank> and I know, but how do I know you are <bank>?
Bank: Um, I can give you my employee number or you can listen to our hold music.
Me: That can all be spoofed. I don’t want to be rude, but this conversation can’t be authenticated without one of us taking a leap of faith. So I’ll end it here, have a nice day.
Bank: You too, good day.

I got this call about a week ago, but it has only just hit me. I am usually at my desk, so one way of authenticating a call would be for me to pick some numbers, a word or a phrase, and have them send that to me as a message on their internet banking site; once I log in I can see it. That of course doesn’t work if you call me while I’m out. But the real question is: why are you authenticating someone for a survey?