Notes on "Defending Against an Internet-based Attack on the Physical World"
http://www.avirubin.com/scripted.attacks.pdf is an interesting, clueful paper that suggests that by exploiting search engine APIs, one can find large numbers of dead-tree info request forms, parse them, and submit a victim's info such that said victim (or their deadtree post office) is overwhelmed with physical mail.

Some small comments:

1. The "Turing Tests" (sec 5.3) which try to assure that a human is doing the submission have two weaknesses. First, visual tests (which OCR can't handle) discriminate against the visually impaired, FWIW. Second, OCR folks (and machine vision folks in general) are always trying, for their own purposes, to make OCR as capable as humans. The gaps, point-noise, odd fonts, and distractors in "captcha.net"-like tests are all surmountable challenges for machine vision. And once solved once, they are available for all, as Schneier once emphasized (the script kiddy / internet problem).

2. The deadtree postal system is tolerant (because of humans in the loop) of small misspellings and other errors. As a result, automated counter-systems (possibly including honeynets) which attempt to detect address flooding would have a harder time recognizing semantically but not literally identical addresses.

3. The authors claim that part of their motivation for publishing (after sitting on this exploit for a while) is the availability of search APIs (sec 2). Frankly I don't see how Google (or other) APIs give an advantage over scripts which emulate browsers paging through searches, except perhaps being a bit more direct for programmers/scripters. Doing a bit more parsing of HTML search results eliminates the need for any special API - in fact, it may be more general, and we do favor nonproprietary open standards over someone's beta API. ...
Additional case studies are needed, however, to determine which traits of chemical and biological terrorists might help identify them because charisma, paranoia, and grandiosity are also found to varying degrees among, for example, leaders of political parties, large corporations, and academic depts. --John T Finn, _Science_ v 289 1 sept 2000
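As an added example (my own, not code from the paper or from the post above) of the kind of automated counter-system point 2 is talking about: a form operator that wants to detect address flooding has to match addresses that are semantically the same but not literally identical. The sketch below normalizes submitted postal addresses (case, punctuation, a small abbreviation table), then clusters them by Levenshtein edit distance so that "Main Street" / "Main St." / "Mian Street" land in one bucket, and flags any bucket that receives more than a threshold of submissions. The sample submissions, the abbreviation table, and the distance/threshold values are all constructed assumptions for the demo.

```python
import re

# Constructed sample submissions (hypothetical addresses, not real ones):
# four near-duplicate variants of one address plus two of another.
SAMPLE_SUBMISSIONS = [
    "123 Main Street, Apt 4, Springfield, ZZ 00000",
    "123 Main St, Apt 4, Springfield ZZ 00000",
    "123 Mian Street Apt 4 Springfield, ZZ 00000",   # transposed letters
    "123 Main St., Apt. 4, Springfeild ZZ 00000",    # misspelled city
    "9 Elm Avenue, Shelbyville, ZZ 00001",
    "9 Elm Ave Shelbyville ZZ 00001",
]

# Small, assumed abbreviation table; a real deployment would use a
# postal-standard list (e.g. the USPS street-suffix abbreviations).
ABBREVIATIONS = {
    "street": "st", "avenue": "ave", "road": "rd", "boulevard": "blvd",
    "apartment": "apt", "suite": "ste", "north": "n", "south": "s",
}


def normalize_address(addr):
    """Lower-case, drop punctuation, and canonicalize common abbreviations."""
    s = re.sub(r"[^\w\s]", " ", addr.lower())   # "St." -> "st ", "," -> " "
    tokens = [ABBREVIATIONS.get(t, t) for t in s.split()]
    return " ".join(tokens)


def edit_distance(a, b):
    """Plain Levenshtein distance (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def cluster_addresses(addrs, max_distance=2):
    """Greedy single-pass clustering: an address joins the first cluster whose
    normalized key is within max_distance edits, otherwise starts a new one."""
    clusters = []  # each: {"key": normalized representative, "members": [raw...]}
    for raw in addrs:
        key = normalize_address(raw)
        for c in clusters:
            if edit_distance(key, c["key"]) <= max_distance:
                c["members"].append(raw)
                break
        else:
            clusters.append({"key": key, "members": [raw]})
    return clusters


def flagged_targets(addrs, threshold=3, max_distance=2):
    """Return normalized keys of clusters that received >= threshold submissions,
    i.e. likely flooding targets that a literal-string counter would miss."""
    return [c["key"] for c in cluster_addresses(addrs, max_distance)
            if len(c["members"]) >= threshold]


if __name__ == "__main__":
    for c in cluster_addresses(SAMPLE_SUBMISSIONS):
        print(len(c["members"]), "submission(s) ->", c["key"])
    print("flagged:", flagged_targets(SAMPLE_SUBMISSIONS))
```

The greedy clustering is O(n^2) in the number of distinct keys, which is fine for a per-form rate limiter but would want blocking (e.g. grouping by postal code first) at honeynet scale. The distance threshold is the knob the poster's point is really about: too tight and misspelled duplicates slip through as separate addresses; too loose and neighbouring house numbers collapse into one bucket.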
Major Variola (ret)