-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Brian Godette writes: > On Tuesday 17 January 2006 01:02 pm, Justin Mason wrote: > > yeah, we were chatting about that on John-Graham Cumming's weblog. All I > > can think of is that they're attempting to evade another anti-spam > > product, one that uses OCR, but is secret/proprietary hence *we* don't > > know about it. > > Or the image could be randomly skewed to break hash based detection? Does > pyzor/razor/dcc even hash attachments? 1. there are many other, easier ways that spammers can break (and are currently breaking) image-hash schemes; colour LUT shuffling, random borders, random colour perturbation. 2. the second technique JGC posts -- whereby each line of text is cut in half, in two separate images -- is useless as a checksum defeating scheme, since the two halves would always sum to the same value; but *is* useful as an anti-OCR scheme. > > I'm surprised you had no XBL or SURBL hits either, btw! > > Pump & dumps don't need URLs. image spams often do -- to load the image ;) - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Exmh CVS iD8DBQFDzWcmMJF5cimLx9ARAu9dAJ43Bc35k2xuLF98ayVaIgzYKK94LwCgh23P 1Ahci7zUP1uyMdgK9FUZXys= =ay6g -----END PGP SIGNATURE-----
