Re: Password pirates plunder XXX sites, from The Netly News
Although you can never completely eliminate it, technological fixes to do velocity checking, source IP address profiling, etc., seem so obvious I just don't see how this can be any sort of insurmountable problem...
Agreed but see bellow
It should have been obvious from the start that you would have a lot more people trying to steal service from a porn site than from, say, a Disney site.
I think the problem is that a large number of the people who run porn sites are neither technically sophisticated nor well funded. I suspect that many do not know how to write a program and can't afford hiring someone to do it for them. Its a business where there are low barriers to entry and there are a very large number of competitors. One way of discouraging new entrants is to claim that there are major technical problems... Phill
[about people stealing passwords to porn sites]
Although you can never completely eliminate it, technological fixes to do velocity checking, source IP address profiling, etc., seem so obvious I just don't see how this can be any sort of insurmountable problem...
Maybe so, maybe not.
I think the problem is that a large number of the people who run porn sites are neither technically sophisticated nor well funded.
That profile's not exactly accurate. Some of the folks running porn sites are very sophisticated. More to the point, I don't know of *any* site that does the sort of protection proposed above. I don't think it's an easy thing to do. An enterprising person could probably turn quite a few bucks selling that sort of system. But do the porn sites want it? The stolen passwords might partly serve as free advertisement. The situation might be similar to (some kinds of) pirated software. The stolen version acts as a teaser but (hopefully) the consumer will eventually pay himself in order to have more convenient access.
I think the problem is that a large number of the people who run porn sites are neither technically sophisticated nor well funded.
That profile's not exactly accurate. Some of the folks running porn sites are very sophisticated.
Yes but I don't think those are the ones complaining. I noted that one of the porn sites has a implemented a very sophisticated version of the "referer" payment scheme I once proposed.
More to the point, I don't know of *any* site that does the sort of protection proposed above. I don't think it's an easy thing to do. An enterprising person could probably turn quite a few bucks selling that sort of system.
I'm sure a lot of folks are coding away as we speak. It would be a snap to do it for a threaded server like IIS. On Netscape the interpocess communications load would almost certainly burn you.
But do the porn sites want it? The stolen passwords might partly serve as free advertisement. The situation might be similar to (some kinds of) pirated software. The stolen version acts as a teaser but (hopefully) the consumer will eventually pay himself in order to have more convenient access.
This could well be the nub of the matter. It could well be the case that a lot of the passwords are sent out by the companies themselves. I note that there is a usenet group alt.sex.passwords... Phill
participants (3)
-
Hallam-Baker -
nelson@media.mit.edu -
Phillip M. Hallam-Baker