On Mon, Jan 2, 2012 at 2:44 PM, John Levine <[email protected]> wrote: >>The reason I ask is Wiseguy Tickets Inc and their gaming of >>Ticketmaster's CAPTCHA system to buy tickets [1]. Eventually, Wiseguy >>Tickets was indicted, and the indictment included a an assertion, >>"[Wiseguy Tickets Inc] defeated online ticket vendors' security >>mechanisms" [2]. I'm not convinced CAPTCHA is a security system, and I >>definitely don't consider it a system to protect multi-million dollar >>assets. > > Law is not software. Ticketmaster's CAPTCHA is a security system in > the sense that it is obviously meant to keep out robo-purchasers. It > doesn't matter that CAPTCHAs are not impossible to defeat, it matters > that any reasonable person can understand what's going on. Perhaps this speaks volumes to incompetence. The Ticketmaster board appears to have chronic and progressive credibility problems [1]. Why would the senior leadership at Ticketmaster claim its a security system if it cannot protect anything? I imagine shareholders expect better performance from the company's well compensated leaders (take a look at the company's 10-K filings from http://phx.corporate-ir.net/phoenix.zhtml?c=194146&p=irol-SECTicketmaster).
> To draw a rough analogy, if I'm arrested for breaking into your house, > it is not a defense that I couldn't have done it if you had a stronger > lock on the door. Would it be my house, or closer to a public business like Home Depot or Walmart? (with the 'gaming' being me and my family walking into a public store and making separate purchases to avoid '1 item per household' limits, even though my family had no interest in the product). The problem I see with Tciketmaster's position is they hung a public service off a public internet, and then claimed foul after someone [cleverly] used it. Perhaps Ticketmaster's terms of service forbid the practice, in which case I would expect a civil action. An unanswered question (for me): what's the Ticketmaster/US Attorney General connection? Why did Wiseguys' actions elicit a PATRIOT Act like response? Who went to law school with whom and where? It seems to me US Attorney resources would be better used elsewhere (such as an investigation of the economic terrorist across the river on Wall Street). Jeff [1] http://www.dailyfinance.com/2011/01/27/ticketmaster-settlement-class-action-lawsuit-over-deceptive-fe/ _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
