Kbsoftware's Blog

Just my thoughts on events etc.

Yahoo Messenger, Blogger and Captcha Security

Captchas: I remember when they came out, it was the big thing at the time. This was going to stop spam bots and all other unwanted bots etc., but a few smart folks were not convinced and pointed out in their blogs/web sites etc. that captchas were not the ultimate solution, and guess what, as we all know today, they are not. At first captchas were great, as they did stop bot software from being able to register, thus spam bot programs suddenly disappeared from forums and so forth. Now if a spammer wanted to spam, let’s say, a forum, they would have to register a fake id and fill in the required fields themselves, not exactly how spammers like to work, and even though some spammers did do just that, it was a slow process and they suddenly lost the ability to spam hundreds if not thousands of internet services in a shot. Awesome. That of course, as anyone who runs a forum already knows, did not last long. The scum that write programs for spammers were already working on a way to get around this problem, but even worse, computer geeks who saw this as an interesting challenge that they just could not resist were also working on ways to break captcha, and they did. So it was not long before spammers started hitting forums etc. again. Even programs like jDownloader, which allow you to download files from services like megaupload.com, depositfiles.com etc., use anti-captcha code to deal with the captchas that services like megaupload.com use. Fortunately folks who write forum, blogging etc. code are very smart and they worked out ways to deal with spammers, and very successfully at that, may I add. Even Google’s gmail.com service does a great job of handling spam; my gmail e-mail address does receive some spam and all of it ends up in the spam folder. It is very rare that a spam e-mail actually gets through.

Which then brings me to Blogger. When I decided to close my web server I wanted to continue blogging, and since I was using Blogger before I created my own web server and my own blog using WordPress, at first I went straight to Blogger to create my new blog, but I failed. To create my blog I would at one point have to enter a captcha, but I could not read the letters in the captcha image. Here’s a screenshot of one of the captchas I had to deal with.

[Image: Blogger Captcha]

What the hell, Batman. So I took a guess, lantleinz, and guess what: wrong guess. On my second attempt I still could not read the captcha, so I clicked on the disability icon, figuring I’ll just listen to the letters and problem solved. Unfortunately I would have needed to install Apple Quick Time to use this feature and there’s no chance in hell I’m installing Quick Time. So I made a few other attempts and ran into the exact same problem, a captcha that no human can read, and failed to be able to create a blog with Blogger. But then maybe that’s Google’s goal, to keep all humans out hehe. Now there is good news in this: since I could not create a blog with Blogger I did a Google search on blogs and found WordPress.org. Doh, I should have come to that result myself since I was using WordPress on my own web server. So now I use WordPress.org for my blog and I really do like it a lot, I even love the theme I’ve chosen, so this is where I’ll stay :)

And finally that brings me to Yahoo Messenger. ICQ was at first the chat program that ruled it all, but then AOL bought ICQ and pretty much messed up a really good thing, so not long after we all migrated to Yahoo Messenger, making it the number one chat program. Now Yahoo Messenger was not a well written program, this was very clear. Even using a simple program like Registry Monitor from SysInternals you can see Yahoo Messenger will read/write to the registry over 1,000 times per second, which is an indication that Yahoo did not concern themselves with writing good code. And with every update and new release of Yahoo Messenger it took longer to load and ate resources like they were unlimited. Then throw in the crappy software security which allowed spam bots and booters to have their way for years. As a result most folks had a love-hate relationship with Yahoo Messenger, and this allowed other companies to introduce their chat programs and have great success at the expense of Yahoo. It’s really hard to be loyal to Yahoo Messenger when you were being left with the impression that Yahoo just did not care about you. So I always believed that Yahoo did not care about security. Then in August of 2007 Yahoo introduced captchas to Yahoo Messenger: when you wanted to enter a chat room you first had to go through a captcha, and if you were successful, in the room you went. At this point it was no secret to anybody in security that this was not a good solution, but I figured since Yahoo did not care about its users on Yahoo Messenger they did not bother getting the advice etc. from a security expert; they instead decided to just throw something at the problem to make it look good. At first the captcha partially worked, but surprise, it wasn’t long before the folks who wrote the spam bots for Yahoo Messenger and the booters would simply add already available anti-captcha code to their programs and voilà, the chat rooms were once again ruled by spam bots and booters. Something you can see for yourself at any time; for really quick results with spammers enter one of the adult rooms. What’s frustrating here is that there are tons and tons of white papers and information on very effective solutions to this problem that Yahoo could easily implement and have great success with both the spam bot and booter problems, with only the once in a while problem that could easily be dealt with. Well, was I ever shocked to learn that 2 months after Yahoo implemented the captchas, about the same time booters and spam bots started to make their slow comeback, on Yahoo’s own Yahoo Messenger Blog they announced that Richard Sinn, a software security expert who’s on the Yahoo Messenger team, wrote a book about software security. Check out the blog entry here and see for yourself: http://www.ymessengerblog.com/blog/2007/10/23/kudos-for-the-team/

Aha, that brings me back to the comment I made earlier about Yahoo not really caring about its users in their chat rooms but instead just throwing something at the problem to make it look good, to make it look good for a new book release. So what about the book that Richard Sinn wrote? Well, not long after its release it was being ridiculed by real software security folks; I just could not find any reviews from anybody in the software/hardware security fields who had anything positive to say about the book. So I’m starting to get a real good idea of why Yahoo has not been able to solve their security problems even when a simple search on the internet will expose several white papers, example pseudo code and so forth of real solutions that are being effectively used.

So now that I’ve pretty much come to the conclusion that the problem with spam bots and booters in Yahoo chat rooms will never be solved, partially because of a security expert who is not and partially because I still believe that Yahoo does not care, that brings me to the problems with the captchas I have to jump through to join a room. Once again, I do sometimes have problems with them. Here are screenshots of two captchas I had to jump through, check out what I entered.

Well, it turns out I got both of them wrong. Take another look, what do you think the letters in the captcha are? I do know that after making a few attempts to try and enter a chat room and failing because I just could not figure out the captchas, I just gave up, closed Yahoo Messenger and went to a forum on electronics and chatted away there. I haven’t used Yahoo Messenger in a few days and I’m really not interested, at least not right now, in using it anytime soon, knowing that I could end up finding myself frustrated again with captchas.

Ooh, it does feel good to vent my frustration with captchas, at least with Blogger and Yahoo Messenger :)


September 5, 2009 - Posted by | Uncategorized
