Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English
Translate This Page
Common Tasks
Search Form
  • Advanced search options...
Tag Cloud
Monthly Archives
Archives

Craigslist has some new security measures

MSDN Blogs > Terry Zink's Cyber Security Blog > Craigslist has some new security measures

Craigslist has some new security measures

3 Jun 2009 1:10 PM
  • Comments 1

A few months ago, I put up an ad on Craiglist advertising something of mine (I can’t remember what it was).  It was easy, all I had to do was click on a few links, put in the description, fill in my email address and hit Post.  No muss or fuss.  As I recall, I do not believe I had to sign up for anything.

Fast forward a few months, and Craiglist has revised their security model – I would assume that they read my blog and have finally realized that if you give something away for free, people will abuse it.  I posted something else and this time around, I couldn’t just post it without doing some complicated things.

  1. First, I had to sign up for an account.  “Odd,” I said.  “I don’t remember having to do this before.”  So, I signed up for an account.  But first, I had to pass the CAPTCHA.  It was a bit of a tricky one.  There were two words in the box and they were separated out by a large space, like the following:

    strong        mode

    I said to myself “How do I fill this out?  Do I type out ‘strongmode’ or ‘strong mode’ ?  In other words, should I include the space or shouldn’t I?  I didn’t, and the CAPTCHA passed.  Step one complete.

  2. I thought that was it.  I was wrong.  In order to post something, I had to pass another CAPTCHA!  This time, it was a phone verification.  In order to verify my account, I had to enter in a code that I would receive by telephone.  I entered in my phone number and they sent it to me via text message.  I took the number, filled it in (manually typing it in as I don’t have copy-and-paste facilities from my phone to my laptop) and enabled my account.

  3. I thought that was it.  I was still wrong!  In order to post my ad, I had to fill in a third CAPTCHA!  Again, it was two words with a space in between them.  Having learned from last time, I did not include the space and the test passed.  I got my ad posted online.

Craiglist has clearly implemented a bunch of new security measures that were not there in the past.  My guess is that spammers will not take the time to do all of that stuff, particularly the phone test.  The phone test was interesting; it’s something that I had heard talked about but didn’t think that anyone would actually do it in real life.  Craigslist does.

So good for them.  Hopefully this will cut down on the abuse that the site sees. And hey, how can I complain? The site is still free.

Leave a Comment
  • Please add 2 and 6 and type the answer here:
  • Post
Comments
  • 7 Jul 2009 4:12 PM

    Craigslist had to bite the dust with all the allegations and being connected to crimes and that’s really what happens if you don't put any sort of security measure to save the visitors and not the posters. Maybe they were so focused on the poster’s convenience before that they forgot the most important thing and that's with the reader's security. With all these security measures they had to put up, it's making it a lot safer for visitors and to minimize or totally remove spam posts.

Page 1 of 1 (1 items)